bridge.sol: charge recipient for withdraw relay cost and ignore too low values

2018-01-04 15:42:36 +01:00 · 2018-01-04 15:42:36 +01:00 · 178b2de87b
parent f86400a810
commit 178b2de87b
1 changed files with 20 additions and 4 deletions
--- a/contracts/bridge.sol
+++ b/contracts/bridge.sol
@ -161,13 +161,29 @@ contract HomeBridge {
            hash := mload(add(message, 84))
        }

-        // Duplicated withdraw
+        // The following two statements guard against reentry into this function.
+        // Duplicated withdraw or reentry.
        require(!withdraws[hash]);
-
        // Order of operations below is critical to avoid TheDAO-like re-entry bug
        withdraws[hash] = true;
-        recipient.transfer(value);
-        Withdraw(recipient, value);
+
+        uint estimatedWeiCostOfWithdraw = estimatedGasCostOfWithdraw * tx.gasprice;
+
+        // this fails if `value` is not even enough to cover the relay cost.
+        // Authorities simply IGNORE withdraws where `value` can’t relay cost.
+        // Think of it as `value` getting burned entirely on the relay with no value left to pay out the recipient.
+        require(value > estimatedWeiCostOfWithdraw);
+
+        // charge recipient for relay cost
+        uint valueRemainingAfterSubtractingCost = value - estimatedWeiCostOfWithdraw;
+
+        // pay out recipient
+        recipient.transfer(valueRemainingAfterSubtractingCost);
+
+        // refund relay cost to relaying authority
+        msg.sender.transfer(estimatedWeiCostOfWithdraw);
+
+        Withdraw(recipient, valueRemainingAfterSubtractingCost);
    }
 }