You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/anti-patterns.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -83,11 +83,11 @@ Accidentally exposed fields can be a security hole.
83
83
### Solution
84
84
85
85
When writing your smart contract, look at every field and function and make sure
86
-
they require access through an [entitlement](./language/access-control.md#entitlements) (`access(E)`),
87
-
or use a non-public [access modifier](./language/access-control.md) like `access(self)`, `access(contract)`, or `access(account)`,
88
-
unless you are making a deliberate design decision to allow completely open and unrestricted access to read that field or call that function.
86
+
that any functions that you don't want every user to be able to access require access through an [entitlement](./language/access-control.md#entitlements) (`access(E)`),
87
+
or use a non-public [access modifier](./language/access-control.md) like `access(self)`, `access(contract)`, or `access(account)`.
88
+
Declaring a function as `access(all)` is a deliberate design decision to allow completely open and unrestricted access to read that field or call that function and should not be taken lightly.
89
89
90
-
The only functions that should be `access(all)` are `view` functions and the only fields that can be `access(all)` are basic types like numbers or addresses.
90
+
The only functions that should be `access(all)` are `view` functions and functions the everyone should be able to access and the only fields that should be `access(all)` are basic types like numbers or addresses.
91
91
Complex fields like arrays, dictionaries, structs, resources, or capabilities should always be `access(self)`.
92
92
93
93
## Capability-Typed public fields are a security hole
Copy file name to clipboardExpand all lines: docs/security-best-practices.md
+5-7Lines changed: 5 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,7 @@ Some practices listed below might overlap with advice in the [Cadence Anti-Patte
12
12
13
13
Do not use the `access(all)` modifier on fields and functions unless absolutely necessary. Prefer `access(self)`, `access(contract)`, `access(account)`, or `access(SomeEntitlement)`. Unintentionally declaring fields or functions as `access(all)` can expose vulnerabilities in your code.
14
14
15
-
When writing definitions for contracts, structs, or resources, start by declaring all your fields and functions as `access(self)`. If there is a function that needs to be accessible by external code, only declare it as `access(all)` if it is a `view` function:
15
+
When writing definitions for contracts, structs, or resources, start by declaring all your fields and functions as `access(self)`. If there is a function that needs to be accessible by external code, only declare it as `access(all)` if it is a `view` function or if you definitely want it to be accessible by anyone in the network.
If there are any functions that modify state that also need to be callable from external code, use [entitlements] for the access modifiers for those functions:
33
+
If there are any functions that modify privileged state that also need to be callable from external code, use [entitlements] for the access modifiers for those functions:
0 commit comments