# 智能合约编写注意事项

## Overflow 与 Underflow

Solidity 可以处理 256 位数字, 最高为 2256 – 1, 所以对 (2 256 – 1) 加 1 会导致归 0。同理, 对 unsigned 类型 0 做减 1 运算会得到 (2**256 – 1)

``````pragma solidity 0.4.18;
contract OverflowUnderflow {
uint public zero = 0;
uint public max = 2**256 - 1;
// zero will end up at  2 ** 256 - 1
function underflow() public {
zero -= 1;
}
function overflow() public {
max += 1;
}
}``````

``````pragma solidity 0.4.18;
library SafeMath {
function mul(uint256 a, uint256 b) internal pure returns (uint256) {
if (a==0) {
return 0;
}
uint c = a * b;
assert(c / a == b);
return c;
}
function div(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 c = a / b;
return c;
}
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
assert(b <= a);
return a - b;
}
function add(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 c = a + b;
assert(c >= a);
return c;
}
}
contract OverflowUnderflow {
using SafeMath for uint;
uint public zero = 0;
uint public max = 2 ** 256 - 1;
function underflow() public {
zero = zero.sub(1);
}
function overflow() public {
}
}``````

## Visibility 与 Delegatecall

• Public functions 可以被任意地址调用
• External functions 只能从合约外部调用
• Private functions 只能从合约内部调用
• Internal functions 允许从合约及其子合约调用

External functions 消耗的 gas 比 public 少, 因为其使用 calldata 而 Public 需要复制所有参数到 memory。

## Delegatecall

Delegatecall is identical to a message call apart from the fact that the code at the target address is executed in the context of the calling contract and msg.sender and msg.value do not change their values.
This means that a contract can dynamically load code from a different address at runtime. Storage, current address and balance still refer to the calling contract, only the code is taken from the called address.

``````pragma solidity 0.4.18;
contract Delegate {
owner = _owner;
}
function pwn() public {
owner = msg.sender;
}
}
contract Deletagion {
Delegate delegate;
owner = msg.sender;
}
// an attacker can call Delegate.pwn() in the context of Delegation, this means that pwn() will modify the state of **Delegation** and not Delegate, the result is that the attacker takes unauthorized ownership of the contract.
function () public {
if(delegate.delegatecall(msg.data)) {
this;
}
}
}``````

## Reentrancy(TheDAO hack)

Solidity 中 call 函数被调用时, 如果带有 value 参数, 则会转发所有他所收到的 gas。

``````function withdraw(uint _amount) public {
if(balances[msg.sender] >= _amount) {
if(msg.sender.call.value(_amount)()) {
_amount;
}
balances[msg.sender] -= amount;
}
}``````

``````In simple words, it’s like the bank teller doesn’t change your balance until she has given you all the money you requested. “Can I withdraw \$500? Wait, before that , can I withdraw \$500?”

And so on. The smart contracts as designed only check you have \$500 at beginning once, and allow themselves to be interrupted.`````` 