You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Permissive fallback function is an antipattern in smart-contract development due to specifics of Ethereum. It should be noted that event handling is a well-known and a standard practice in programming.
There is a range of smart-contract calls that behave as events and execute a handler function in the destination contract. For example: token transfer of token contracts, name owner change of naming services and so on. Many others may be added in future.
Permissive fallback function executes successfully whenever a third party contract is trying to call a function that does not exist in the multi-sig wallet. In this case, a third party contract may rely on event handler functions that are not implemented in multi-sig wallet but the execution will succeed.
According to solidity issue#2630, a fallback function function can return corrupted values, even though it does not have return values in fact, thus violating the work flow of third-party contracts.
NOTE: This can not hurt the multi-sig wallet contract or its funds. This can only hurt third-party contracts that will interact with the multi-sig wallet contract.
The text was updated successfully, but these errors were encountered:
Severity: low
Code snippet
https://github.com/EthereumCommonwealth/ethereum-classic-multisig/blob/master/contracts/MultisigWallet.sol#L42-L46
Description
Permissive fallback function is an antipattern in smart-contract development due to specifics of Ethereum. It should be noted that event handling is a well-known and a standard practice in programming.
There is a range of smart-contract calls that behave as events and execute a handler function in the destination contract. For example:
token transfer
of token contracts,name owner change
of naming services and so on. Many others may be added in future.Permissive fallback function executes successfully whenever a third party contract is trying to call a function that does not exist in the multi-sig wallet. In this case, a third party contract may rely on event handler functions that are not implemented in multi-sig wallet but the execution will succeed.
According to solidity issue#2630, a fallback function function can return corrupted values, even though it does not have return values in fact, thus violating the work flow of third-party contracts.
NOTE: This can not hurt the multi-sig wallet contract or its funds. This can only hurt third-party contracts that will interact with the multi-sig wallet contract.
The text was updated successfully, but these errors were encountered: