Gas cost, msg.sender.call and re-entrancy

I have a few doubts about using msg.sender.call to transfer ETH.
While it makes sense that this is more future proof in the face of changing gas costs, I wonder:

If msg.sender.call sends all the remaining gas, and this gas can then be used for re-entrancy, wouldn’t that still be a way to render my contract unusable (no gas left) and broke (multiple calls)?

It could be done simply for malice…

What am I missing here? Does the gas come from the original contract?
Like Contract B calling Contract_A.withdraw() and sending gas B->A?
That would of course mean that B can’t abuse A.withdraw() because the Gas comes out of its own pocket.

Yes, the gas comes from Contract B. The user (msg.sender) executes Contract B’s function, so if the user tries to do a re-entrancy attack, assuming that Contract A uses the check-effect-interaction pattern, the user will just lose the paid gas.

2 Likes

Excellent! Thanks a lot! Now it’s much clearer to me.

1 Like