mirror of
https://github.com/ethereum/solidity
synced 2023-10-03 13:03:40 +00:00
Merge pull request #11783 from ethereum/authorized_proxies
Authorized Proxies
This commit is contained in:
commit
23b16a1e20
@ -193,6 +193,39 @@ Note that ``.send()`` does **not** throw an exception if the call stack is
|
||||
depleted but rather returns ``false`` in that case. The low-level functions
|
||||
``.call()``, ``.delegatecall()`` and ``.staticcall()`` behave in the same way.
|
||||
|
||||
Authorized Proxies
|
||||
==================
|
||||
|
||||
If your contract can act as a proxy, i.e. if it can call arbitrary contracts
|
||||
with user-supplied data, then the user can essentially assume the identity
|
||||
of the proxy contract. Even if you have other protective measures in place,
|
||||
it is best to build your contract system such that the proxy does not have
|
||||
any permissions (not even for itself). If needed, you can accomplish that
|
||||
using a second proxy:
|
||||
|
||||
.. code-block:: solidity
|
||||
|
||||
// SPDX-License-Identifier: GPL-3.0
|
||||
pragma solidity ^0.8.0;
|
||||
contract ProxyWithMoreFunctionality {
|
||||
PermissionlessProxy proxy;
|
||||
|
||||
function callOther(address _addr, bytes memory _payload) public
|
||||
returns (bool, bytes memory) {
|
||||
return proxy.callOther(_addr, _payload);
|
||||
}
|
||||
// Other functions and other functionality
|
||||
}
|
||||
|
||||
// This is the full contract, it has no other functionality and
|
||||
// requires no privileges to work.
|
||||
contract PermissionlessProxy {
|
||||
function callOther(address _addr, bytes memory _payload) public
|
||||
returns (bool, bytes memory) {
|
||||
return _addr.call(_payload);
|
||||
}
|
||||
}
|
||||
|
||||
tx.origin
|
||||
=========
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user