Solidity NFT – Purpose of nonReentrant Modifier on OnlyOwner Withdraw Method

erc-721ethermintnftsolidity

was going through this nft smartcontract

function withdrawMoney() external onlyOwner nonReentrant {
(bool success, ) = msg.sender.call{value: address(this).balance}("");
require(success, "Transfer failed.");
}

Rentrancy is attack done from another smart contract and method is already onlyOwner, so what is the purpose of nonReentrant modifier?

Best Answer

It's not because there already is onlyOwner that you don't need to add a nonReentrant. A smart contract should also prove to its users that an owner cannot cheat.

Here, because the whole contract balance is sent to the caller, it is impossible to withdraw it twice anyway.

What is still possible is to call the function repeatedly for nothing but a waste of gas and going deeper into the call stack. Both could be feared as attack vectors. And that is perhaps what the super cautious developer had in mind.

The same could probably be achieved, at less cost, with:

require(address(this).balance > 0);

Related Solutions

[Ethereum] How to import files into remix (ERC721 contract)

import "github.com/OpenZeppelin/openzeppelin-solidity/contracts/token/ERC721/IERC721.sol";
import "github.com/OpenZeppelin/openzeppelin-solidity/contracts/token/ERC721/IERC721Receiver.sol";
import "github.com/OpenZeppelin/openzeppelin-solidity/contracts/math/SafeMath.sol";
import "github.com/OpenZeppelin/openzeppelin-solidity/contracts/utils/Address.sol";
import "github.com/OpenZeppelin/openzeppelin-solidity/contracts/drafts/Counters.sol";
import "github.com/OpenZeppelin/openzeppelin-solidity/contracts/introspection/ERC165.sol";

This compiles. I am not sure about the v2.0.0 on counter. I replaced that with master.

Solidity Security – How NonReentrant Modifier Works

It basically checks that the value of localCounter has increased only by one. That means the function has been called only once (within the transaction).

The actual function is executed at _;. Before that it increases the counter by one and assigns the value to a local variable (opposed to the global variable _guardCounter). If the function calls itself, the code comes again to this phase and the counter is again increased by one (both the global and the local).

After the function has finished executing, it makes sure that the local counter is the same as the global counter. The local value will be the same only if the function was called only once - otherwise the global counter has been increased multiple times. If it was called multiple times, the execution will revert.

Best Answer

Related Solutions

[Ethereum] How to import files into remix (ERC721 contract)

Solidity Security – How NonReentrant Modifier Works

Related Topic