You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This issue will evaluate the security of contract calls made by generators. Currently, we enable arbitrary contract calls as a feature of the generators, but this introduces the opportunity to spoof instances. For example, users wishing to whitelist the generator for a props contract instance will be unable to prevent users of this feature from hardcoding a fake instanceID.
The proposed resolution to this issue is to limit the contract call event by enforcing the passing of the generator's instanceID as the first parameter in the call. This would prevent users from spoofing instances at the expense of requiring an interfacing contract for any contracts which do not already support props instances (which all invoke using the instance ID as the first parameter).
The text was updated successfully, but these errors were encountered:
This issue will evaluate the security of contract calls made by generators. Currently, we enable arbitrary contract calls as a feature of the generators, but this introduces the opportunity to spoof instances. For example, users wishing to whitelist the generator for a props contract instance will be unable to prevent users of this feature from hardcoding a
fakeinstanceID.The proposed resolution to this issue is to limit the contract call event by enforcing the passing of the generator's instanceID as the first parameter in the call. This would prevent users from spoofing instances at the expense of requiring an
interfacingcontract for any contracts which do not already support props instances (which all invoke using the instance ID as the first parameter).The text was updated successfully, but these errors were encountered: