Commit 21d31e49 authored by Kirill Kuvshinov's avatar Kirill Kuvshinov

Merge branch 'kkirka/#6-security-notice' into 'master'

[#6] Add a security notice to `view` macro description

See merge request !34
parents be56b032 a2650357
......@@ -261,6 +261,8 @@ By convention, `view` must emit only a single transfer `operation` to the
callback contract passed by the caller, and must not mutate the contract storage
in any way.
**Note that using `view` may potentially be insecure: users can invoke operations on an arbitrary callback contract on behalf of the contract that contains a view entrypoint. If you rely on `SENDER` value for authorization, please be sure you understand the security implications or avoid using views.**
To make the process of writing the logic for a `view` easier, we define a `VIEW`
......@@ -35,7 +35,7 @@ This interface relies on [multiple entrypoints feature](
For FA1, parameter should contain the following leaves:
1. `(assress :from, (address :to, nat :value)) %transfer`
1. `(address :from, (address :to, nat :value)) %transfer`
3. `view (address :owner) nat %getBalance`
2. `view unit nat %getTotalSupply`
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment