...by Daniel Szego
"Simplicity is the ultimate sophistication."
Leonardo da Vinci

Wednesday, April 4, 2018

Solidity Tips and Tricks - difference between .call.value(), .send() and .transfer()

It is important to understand the difference of semantics and security implications of the different ways of sending ether to a contract:
- .call.value(ether) - sends ether to a contract by giving all the possible gas for the execution having a strong risk for reentrancy attacks. If it is succeeded true is returned if not false. 
- .send(ether) - sends ether to a contract by giving only 2300 gas for the execution making possible to do only logging and event and preventing reentrancy attacks. Similarly to the previous case if the call succeed it returns true, otherwise it returns false. 
- .transfer(ether) is tecnically the same as require(send(ether)), so if the ether sending not succeeding and error will be thrown and the transaction is reverted.