[#6] Add a security notice to `view` macro

Problem: Using view macro in some contracts may pose a security risk
as discussed in #6 (comment 261965831)

Solution: Add a security notice so that users are informed about
introducing a potential vulnerability when using views.
parent 1a690c6d
Pipeline #107860000 passed with stage
in 2 minutes and 33 seconds
......@@ -261,6 +261,8 @@ By convention, `view` must emit only a single transfer `operation` to the
callback contract passed by the caller, and must not mutate the contract storage
in any way.
**Note that using `view` may potentially be insecure: users can invoke operations on an arbitrary callback contract on behalf of the contract that contains a view entrypoint. If you rely on `SENDER` value for authorization, please be sure you understand the security implications or avoid using views.**
To make the process of writing the logic for a `view` easier, we define a `VIEW`
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment