Update security-considerations.rst

lukehutch · Leo Alt · commit b676944c3ffd · 2022-08-30T14:35:31.000+02:00
Explained Checks-Effects-Interactions and added info on Checks-Effects-Events-Interactions
diff --git a/docs/security-considerations.rst b/docs/security-considerations.rst
@@ -98,7 +98,7 @@ as it uses ``call`` which forwards all remaining gas by default:
     }
 
 To avoid re-entrancy, you can use the Checks-Effects-Interactions pattern as
-outlined further below:
+demonstrated below:
 
 .. code-block:: solidity
 
@@ -116,6 +116,13 @@ outlined further below:
         }
     }
 
+The Checks-Effects-Interactions pattern ensures that all code paths through a contract complete all required checks
+of the supplied parameters before modifying the contract's state (Checks); only then it makes any changes to the state (Effects);
+it may make calls to functions in other contracts *after* all planned state changes have been written to
+storage (Interactions). This is a common foolproof way to prevent *re-entrancy attacks*, where an externally called
+malicious contract is able to double-spend an allowance, double-withdraw a balance, among other things, by using logic that calls back into the
+original contract before it has finalized its transaction.
+
 Note that re-entrancy is not only an effect of Ether transfer but of any
 function call on another contract. Furthermore, you also have to take
 multi-contract situations into account. A called contract could modify the

Original file line number	Diff line number	Diff line change
@@ -98,7 +98,7 @@ as it uses ``call`` which forwards all remaining gas by default:
`98`	`98`	`}`
`99`	`99`
`100`	`100`	`To avoid re-entrancy, you can use the Checks-Effects-Interactions pattern as`
`101`		`-outlined further below:`
	`101`	`+demonstrated below:`
`102`	`102`
`103`	`103`	`.. code-block:: solidity`
`104`	`104`
`@@ -116,6 +116,13 @@ outlined further below:`
`116`	`116`	`}`
`117`	`117`	`}`
`118`	`118`
	`119`	`+The Checks-Effects-Interactions pattern ensures that all code paths through a contract complete all required checks`
	`120`	`+of the supplied parameters before modifying the contract's state (Checks); only then it makes any changes to the state (Effects);`
	`121`	`+it may make calls to functions in other contracts after all planned state changes have been written to`
	`122`	`+storage (Interactions). This is a common foolproof way to prevent re-entrancy attacks, where an externally called`
	`123`	`+malicious contract is able to double-spend an allowance, double-withdraw a balance, among other things, by using logic that calls back into the`
	`124`	`+original contract before it has finalized its transaction.`
	`125`	`+`
`119`	`126`	`Note that re-entrancy is not only an effect of Ether transfer but of any`
`120`	`127`	`function call on another contract. Furthermore, you also have to take`
`121`	`128`	`multi-contract situations into account. A called contract could modify the`