'Need some help resolving smart contract warnings

New solidity programmer here.

I'm trying to create a smart contract where a user can create a Bounty. The creator sets the bounty on the smart contract in the constructor. They can subsequently choose the recipient of the funds after evaluation of some criteria. They can cancel, increase the bounty.

I tested the code out and it appears to work, but I'm getting some warnings in remix IDE that I don't know how to fix. enter image description here

Could some one show me how its supposed to be done?

contract Bounty {
    address payable public owner;
    address payable public provider;
    uint256 private bounty;
    bool isActive;
    event IncreaseBounty (uint256 oldBounty, uint256 newBounty);
    event Paid(address owner, address payee, uint256 amount);
    event Cancel(address owner, uint256 amount);

    constructor() payable {
        owner = payable(msg.sender);
        bounty = msg.value;
        isActive = true;
    }

    function cancel() public {
        require(isActive, "contract must be active");
        require(owner == msg.sender, "Only the owner can cancel the bounty");
        uint256 bountyTemp = bounty;
        bounty = 0;
        owner.transfer(bountyTemp);
        isActive = false;
        emit Cancel(msg.sender, bountyTemp);
    }

    function setAndTransferToProvider(address addy) public {
        require(isActive, "contract must be active");
        require(owner == msg.sender, "Only the owner release the funds");
        provider = payable(addy);
        provider.transfer(bounty);
        uint256 bountyUsed = bounty;
        bounty = 0;
        isActive = false;
        emit Paid(owner, provider, bountyUsed);
    }

    function increaseBounty() payable external returns (uint256) {
        require(isActive, "contract must be active");
        require(owner == msg.sender, "Only the owner can increase the bounty");
        uint oldBounty = bounty;
        bounty += uint(msg.value);
        emit IncreaseBounty(oldBounty, bounty);
        return bounty;
    }
    
    function getBounty() public view returns (uint256) {
        require(isActive, "contract must be active");
        return bounty;
    }
}
solidity


Solution 1:[1]

Try to put this line

provider.transfer(bounty);

right before the emit of the events on every function.

You can check this article for more understanding of reentrancy attacks.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Niccolò Fant

Related Questions

Uploading metadata to IPFS using Pinata API for NFTs

Error in plugin @nomiclabs/hardhat-etherscan: The contract verification failed. Reason: Fail - Unable to verify - with arguments

VS Code 2 errors: 1st is "Import 'solcx' could not be resolved." 2nd issue is given in terminal as "INFO: Could not find files for the given patterns

UseDapp - useCall - How to get return value from Solidity function?

Web3 Cannot get value of a public variable from contract

ParserError: Source file requires different compiler version (current compiler is 0.8.7+commit.e28d00a7.Emscripten.clang)

can't import module from solidity file to python file in brownie; ImportError: cannot import name 'AdvancedCollectible' from 'brownie'

ERROR: brownie.exceptions.RPCConnectionError: Able to launch RPC client, but unable to connect

Solidity Error: member balance not found or not visible after argument-dependent lookup in contract

ERROR Brownie Mainnet Fork Testing `brownie.exceptions.VirtualMachineError: revert` problem or other?

Passing a Struct Array to constructor of Solidity Contract

Deploying a Smart Contract

Getting a smart contract, web3 python

I can't get "Typechain" folder when I install dependencies using hardhat

ERC721A smart contract