The wallet library has the ability to create contracts if serveTx is called with a null _to address. Contract creation in that case is delegated to the helper function createContract. This function is exposed as public, but it does not require confirmations like the rest of the external interface of WalletMainLib. This may be misleading to a developer, who might accidentally expose createContract in the external interface of a contract thinking it functions like the rest of the wallet’s interface. This function being public would allow extraction of funds by any caller.
Consider changing createContract’s visibility to private, so that it can only be invoked by the interface exposed by WalletMainLib, particularly serveTx.
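A sketch of the recommended visibility change, added here as an illustration; it is not part of the original issue or the project's code. Only the names WalletMainLib, serveTx, createContract and _to come from the issue; the WalletData struct, the confirmation bookkeeping and the compiler version are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example: a minimal multi-owner wallet library.
library WalletMainLib {
    struct WalletData {                       // hypothetical layout
        mapping(address => bool) isOwner;
        uint256 required;                     // confirmations needed to execute
        mapping(bytes32 => mapping(address => bool)) confirmedBy;
        mapping(bytes32 => uint256) confirmations;
    }

    // Confirmation-gated entry point: the only path that reaches createContract.
    function serveTx(
        WalletData storage self,
        address _to,
        uint256 _value,
        bytes memory _data
    ) public returns (bool executed, address created) {
        require(self.isOwner[msg.sender], "not an owner");
        bytes32 id = keccak256(abi.encode(_to, _value, _data));
        require(!self.confirmedBy[id][msg.sender], "already confirmed");
        self.confirmedBy[id][msg.sender] = true;
        self.confirmations[id] += 1;
        // Execute exactly once, when the threshold is first reached.
        if (self.confirmations[id] != self.required) return (false, address(0));

        if (_to == address(0)) {
            created = createContract(_data, _value);   // null _to: deploy
        } else {
            (bool ok, ) = _to.call{value: _value}(_data);
            require(ok, "call failed");
        }
        return (true, created);
    }

    // private instead of public: a wallet contract using this library cannot
    // forward calls to it, so deployment always passes the checks in serveTx.
    function createContract(bytes memory _code, uint256 _value)
        private
        returns (address addr)
    {
        assembly {
            addr := create(_value, add(_code, 0x20), mload(_code))
        }
        require(addr != address(0), "create failed");
    }
}
```

With `private`, a wallet contract that tries to call `WalletMainLib.createContract(...)` fails at compile time, so the accidental exposure described above is caught before deployment.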