Remove isContract due to potential misuse


In spite of the warnings provided in the comments of the function itself, the name isContract is a misnomer and creates a potential security risk for anyone who doesn’t bother to read the notes or someone who is reviewing a 3rd party contract that uses this fn.

There is a misconception that calling this function will return false if the address is an EOA. This can lead to the inadvertent introduction of an exploit and other risks already clearly identified in the comments. But comments inside the function are not enough in this case where the name of the fn is so blatantly misleading.

Propose changing the name of the function to hasCode which is much more descriptive of what the function does. This should be a breaking change and may end up being a wake-up call to anyone who has been misusing the fn to date.

Issue Analytics

  • State: open
  • Created a year ago
  • Reactions: 9
  • Comments: 12 (6 by maintainers)

Top GitHub Comments

3 reactions
devtooligan commented, May 18, 2022

@Amxx I would propose manually inlining the logic, but instead of assembly we use address(..).code.size

2 reactions
frangio commented, May 17, 2022

assertIsContract would be safe, but I’m not sure what it would be useful for. isContract is necessary to implement standards like ERC721 and ERC1155.

Nowadays Solidity has addr.code.length that we could use directly. When Address.isContract was introduced this feature didn’t exist and isContract was used to wrap the necessary assembly.

Note that removal of isContract would be a breaking change, so the best we can do now is to deprecate it and mark it for removal in 5.0. I would be in favor of this.
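
An added example, not part of the thread and not OpenZeppelin's code: the inlined code-length check under the proposed hasCode name, a probe showing that the check reports no code while a contract's constructor is still running, and the ERC721-style receiver check where the result only decides whether to call the recipient's hook. The names CodeCheck, ConstructionProbe and ReceiverCheck are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Added illustration; CodeCheck, ConstructionProbe and ReceiverCheck are hypothetical names.

interface IERC721Receiver {
    function onERC721Received(address operator, address from, uint256 tokenId, bytes calldata data)
        external returns (bytes4);
}

library CodeCheck {
    // True only if code is deployed at `account` right now.
    // False does NOT prove an EOA: it is also false for a contract whose
    // constructor is still running, an address where a contract will be
    // deployed later, and an address whose contract was destroyed.
    function hasCode(address account) internal view returns (bool) {
        return account.code.length > 0;
    }
}

contract ConstructionProbe {
    uint256 public sizeDuringConstruction;

    constructor() {
        // Runtime code is stored only after the constructor returns, so this records 0.
        sizeDuringConstruction = address(this).code.length;
    }

    function sizeAfterDeployment() external view returns (uint256) {
        return address(this).code.length; // non-zero once deployed
    }
}

contract ReceiverCheck {
    // ERC721-style use: the result decides whether there is a hook to call
    // on `to`; it is not used as a caller-identity or EOA check.
    function checkOnERC721Received(address from, address to, uint256 tokenId, bytes memory data)
        public returns (bool)
    {
        if (!CodeCheck.hasCode(to)) {
            return true; // nothing to call at `to`
        }
        bytes4 retval = IERC721Receiver(to).onERC721Received(msg.sender, from, tokenId, data);
        return retval == IERC721Receiver.onERC721Received.selector;
    }
}
```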
