External Call Security in Smart Contract

Jun 23, 2022
External calls are the calls that your smart contract makes to another smart contract. (Never trust external smart contracts!)
Marking the functions and variables involved as untrusted in their names is one way to indicate that they access an external contract.
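```solidity
// Bad practice: nothing in the names shows that an external contract is called
function withdrawMoney() external {
    Contract2.withdraw();
}

// Good practice: the names mark the external contract as untrusted
function UntrustedWithdrawMoney() external {
    UntrustedContract2.withdraw();
}
```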
Avoid any state change after an external call: the called contract may not contain malicious code itself, but it is capable of calling a contract that does. This can lead to control hijacking and to one of the most important attacks that has ever happened, reentrancy. The pattern used to avoid this is Checks-Effects-Interactions. First do the checks using require, revert, and assert; once they pass, apply the effects (the state changes); and only after that make the interaction with the external contract.