
ethereum - Avoid using Solidity's transfer()/send()?

Reposted. Author: 行者123. Updated: 2023-12-05 01:10:20

I came across this article, dated 2019/9, about avoiding Solidity's transfer()/send(). Here is the reasoning from the article:

It looks like EIP 1884 is headed our way in the Istanbul hard fork. This change increases the gas cost of the SLOAD operation and therefore breaks some existing smart contracts.

Those contracts will break because their fallback functions used to consume less than 2300 gas, and they’ll now consume more. Why is 2300 gas significant? It’s the amount of gas a contract’s fallback function receives if it’s called via Solidity’s transfer() or send() methods.

Since its introduction, transfer() has typically been recommended by the security community because it helps guard against reentrancy attacks. This guidance made sense under the assumption that gas costs wouldn’t change, but that assumption turned out to be incorrect. We now recommend that transfer() and send() be avoided.

In Remix, there is a warning message about the code below:

  (bool success, ) = recipient.call{value:_amount, gas: _gas}("");

Warning:

Low level calls: Use of "call": should be avoided whenever possible. It can lead to unexpected behavior if return value is not handled properly. Please use Direct Calls via specifying the called contract's interface. more

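I am not an expert on the gas cost of executing smart contracts or on security, so I am posting this in the hope of getting thoughts and opinions on it.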

Best answer

From the Consensys article, they say to use .call() instead of .transfer() and .send(). The only argument is that all three now send more gas than 2300, thus making reentrancy possible.

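Another conclusion that follows from this is that, regardless of all of the above, it is important to use the checks-effects-interactions pattern to prevent reentrancy attacks.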
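The checks-effects-interactions ordering mentioned in the answer, as an added example that is not part of the original post or the Consensys article. The `Vault` contract and all of its names are hypothetical; it shows the unsafe ordering beside the corrected one, with the `call` return value handled as the Remix warning asks.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contract for illustration; names are assumptions, not from the page.
contract Vault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Unsafe ordering: the external call runs before the balance is cleared,
    // so the recipient's fallback can re-enter while the old balance is
    // still recorded. With call() forwarding all remaining gas, nothing
    // limits what that fallback can do.
    function withdrawUnsafe() external {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        (bool success, ) = msg.sender.call{value: amount}("");
        require(success, "transfer failed");
        balances[msg.sender] = 0;
    }

    // Checks-effects-interactions: validate, update state, then call out.
    function withdraw() external {
        // Checks
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");

        // Effects: state is final before any external code runs,
        // so a re-entrant call sees a zero balance and reverts.
        balances[msg.sender] = 0;

        // Interactions: send with call() and check the returned flag.
        // A failed send reverts, which also restores the balance.
        (bool success, ) = msg.sender.call{value: amount}("");
        require(success, "transfer failed");
    }
}
```

The safe variant does not rely on the 2300 gas stipend at all, so its behaviour does not change when opcode gas costs are repriced.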

Regarding "ethereum - Avoid using Solidity's transfer()/send()?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/64230863/
