I was going through this NFT smart contract:
function withdrawMoney() external onlyOwner nonReentrant {
    (bool success, ) = msg.sender.call{value: address(this).balance}("");
    require(success, "Transfer failed.");
}
Reentrancy is an attack done from another smart contract and the method is already onlyOwner, so what is the purpose of the nonReentrant modifier?
Best Answer
It's not because there already is onlyOwner that you don't need to add a nonReentrant. A smart contract should also prove to its users that an owner cannot cheat. Here, because the whole contract balance is sent to the caller, it is impossible to withdraw it twice anyway.
What is still possible is to call the function repeatedly for nothing but a waste of gas and going deeper into the call stack. Both could be feared as attack vectors. And that is perhaps what the super cautious developer had in mind.
The same could probably be achieved, at less cost, with:
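Added example, not part of the question or the answer, and not the snippet the answer's last sentence introduces: a test harness for checking the answer's claim that an owner that is itself a contract gains nothing by re-entering withdrawMoney() but can still burn gas and deepen the call stack. Vault, ReenteringOwner, the guarded flag, the entries counter and MAX_DEPTH are assumptions made for the illustration, and the inline lock stands in for a library nonReentrant modifier.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: Vault and ReenteringOwner are hypothetical names.
contract Vault {
    address public owner;
    bool public immutable guarded; // toggles the lock so both cases can be compared
    bool private locked;           // minimal inline stand-in for nonReentrant
    uint256 public entries;        // how many times withdrawMoney() was entered

    constructor(bool _guarded) payable {
        owner = msg.sender;
        guarded = _guarded;
    }

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    modifier nonReentrant() {
        if (guarded) { require(!locked, "reentrant call"); locked = true; }
        _;
        if (guarded) locked = false;
    }

    function withdrawMoney() external onlyOwner nonReentrant {
        entries++;
        // The whole balance leaves before the callee runs, so nested entries send 0.
        (bool success, ) = msg.sender.call{value: address(this).balance}("");
        require(success, "Transfer failed.");
    }
}

// Owner that is a contract: its receive() calls back into the vault it owns.
contract ReenteringOwner {
    Vault public vault;
    uint256 public depth;
    bool public lastReentryOk;
    uint256 public constant MAX_DEPTH = 3; // bound the nesting for the test

    function deploy(bool guarded) external payable {
        vault = new Vault{value: msg.value}(guarded); // this contract becomes owner
    }

    function run() external { depth = 0; vault.withdrawMoney(); }

    receive() external payable {
        if (depth >= MAX_DEPTH) return;
        depth++;
        // try/catch keeps a guard revert from failing the outer transfer
        try vault.withdrawMoney() { lastReentryOk = true; } catch { lastReentryOk = false; }
    }
}
```

With guarded set to false, entries ends at MAX_DEPTH + 1 while the amount paid out is still only the original balance; with guarded set to true, the nested call reverts, entries stays at 1 and lastReentryOk is false.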