diff --git a/wallet/wallet.sol b/wallet/wallet.sol index c522a9b..5876615 100644 --- a/wallet/wallet.sol +++ b/wallet/wallet.sol @@ -337,7 +337,9 @@ contract Wallet is multisig, multiowned, daylimit { // and _data arguments). They still get the option of using them if they want, anyways. function execute(address _to, uint _value, bytes _data) external onlyowner returns (bytes32 _r) { // first, take the opportunity to check that we're under the daily limit. - if (underLimit(_value)) { + // we also must check that there is no data (this is not a contract invocation), + // since we are unable to determine the value outcome of it. + if (underLimit(_value) && _data.length == 0 && !hasCode(_to)) { SingleTransact(msg.sender, _value, _to, _data); // yes - just execute the call. _to.call.value(_value)(_data); @@ -373,6 +375,13 @@ contract Wallet is multisig, multiowned, daylimit { super.clearPending(); } + // Used to determine if an address may execute code + function hasCode(address _addr) returns (bool) { + uint size; + assembly { size := extcodesize(_addr) } + return size > 0; + } + // FIELDS // pending transactions we have at present.