Unprotected Calls

[byakuren-hijiri]

In the following contract:

message Insert {
  key: Int;
  val: Int;
}

contract Foo {
  m: map<Int, Int>;

  receive(msg: Insert) {
    m.set(msg.key, msg.val);
  }
}

The access to m.set is available to anyone. Therefore, it is easy to disrupt the contract's behavior by implementing a DoS attack.

Another example includes an unprotected send call, which enables anyone to send messages from this contract.

The corrected version should contain some condition in the dataflow that checks some limitations or permissions to perform such a call.

[jubnzv]

It would be easier to implement if we had effects in the Callgraph: #189. For example, we should check if there is some kind of conditional workflow in functions that send or mutate the contract's state.

[jubnzv]

We should also track unprotected calls leading to cell overflow (#20), undeflow (#172) or runtime errors due to unexpected size (#114):

fun test(size: Int) {
  beginCell().storeInt(self.a, size) // Bad: triggers cell overflow or a runtime exception if size > 257
}

[jubnzv]

We could additionally describe unprotected selfdestruct (when SendDestroyIfZero is used in the unprotected send).