From 879f1b3e26a624833199ac524f76c21ed75095b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kamil=20=C5=9Aliwak?= Date: Thu, 25 Mar 2021 19:49:32 +0100 Subject: [PATCH] docs: Mention that low-level calls do not have an extcodesize check --- docs/control-structures.rst | 2 ++ docs/units-and-global-variables.rst | 10 ++++++++++ 2 files changed, 12 insertions(+) diff --git a/docs/control-structures.rst b/docs/control-structures.rst index 2549aafbc..9cdd547f6 100644 --- a/docs/control-structures.rst +++ b/docs/control-structures.rst @@ -109,6 +109,8 @@ Due to the fact that the EVM considers a call to a non-existing contract to always succeed, Solidity uses the ``extcodesize`` opcode to check that the contract that is about to be called actually exists (it contains code) and causes an exception if it does not. +Note that this check is not performed in case of :ref:`low-level calls ` which +operate on addresses rather than contract instances. Function calls also cause exceptions if the called contract itself throws an exception or goes out of gas. diff --git a/docs/units-and-global-variables.rst b/docs/units-and-global-variables.rst index afb8b0067..1cad59e42 100644 --- a/docs/units-and-global-variables.rst +++ b/docs/units-and-global-variables.rst 
@@ -262,6 +262,16 @@ For more information, see the section on :ref:`address`. to make safe Ether transfers, always check the return value of ``send``, use ``transfer`` or even better: Use a pattern where the recipient withdraws the money. +.. warning:: + Due to the fact that the EVM considers a call to a non-existing contract to always succeed, + Solidity includes an extra check using the ``extcodesize`` opcode when performing external calls. + This ensures that the contract that is about to be called either actually exists (it contains code) + or an exception is raised. + + The low-level calls which operate on addresses rather than contract instances (i.e. ``.call()``, + ``.delegatecall()``, ``.staticcall()``, ``.send()`` and ``.transfer()``) **do not** include this + check, which makes them cheaper in terms of gas but also less safe. + .. note:: Prior to version 0.5.0, Solidity allowed address members to be accessed by a contract instance, for example ``this.balance``. This is now forbidden and an explicit conversion to address must be done: ``address(this).balance``.
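Review bot: In the docs/control-structures.rst hunk, the added sentence says the check "is not performed in case of low-level calls" but does not say what the reader then gets, and it leaves "low-level calls" undefined at this point. Since the preceding context already states that the EVM treats a call to a non-existing contract as always succeeding, I would spell out the consequence here: a low-level call to an address without code reports success, so the caller has to verify that code exists if that matters. The other hunk names the affected members (``.call()``, ``.delegatecall()``, ``.staticcall()``, ``.send()``, ``.transfer()``); either repeat that list here or make sure the cross-reference lands on it. Also, as the line reads in this patch the ``:ref:`` role shows only the link text and no target label, so please confirm the reference resolves when the docs are built. Minor wording: "for low-level calls" reads better than "in case of low-level calls".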
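Review bot: In the docs/units-and-global-variables.rst hunk, the closing phrase "cheaper in terms of gas but also less safe" is too vague for a warning box, because it does not tell the reader what actually goes wrong or what to do about it. The context just above the warning advises checking the return value of ``send``, and a reader could conclude that checking the return value is enough; given the first sentence of the warning (a call to a non-existing contract always succeeds), it is worth stating outright that the success value of these calls does not prove a contract was there, and that an explicit code-existence check is needed when that matters. Two smaller points: the first paragraph duplicates the text in control-structures.rst almost word for word, so consider keeping the explanation in one place and linking to it so the two copies cannot drift apart; and "either actually exists (it contains code) or an exception is raised" is not parallel, so something like "actually exists (it contains code), and raises an exception otherwise" would read more cleanly.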