feat: Turn All Call::new_in into Call::new (i.e. Stop Supporting Reentrancy)

CHANGELOG.md

@@ -18,7 +18,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Implement `MethodError` for `safe_erc20::Error`. #402
 - Use `function_selector!` to calculate transfer type selector in `Erc1155`. #417
-- Update internal functions of `Erc721` and `Erc721Consecutive` accept reference to `Bytes`. #437 
+- Update internal functions of `Erc721` and `Erc721Consecutive` accept reference to `Bytes`. #437
+- Replace all `Call:new_in` to `Call:new` to stop supporting reentrancy. #440
 
 ### Fixed
 

contracts/src/finance/vesting_wallet.rs

@@ -32,7 +32,6 @@ use stylus_sdk::{
     block,
     call::{self, call, Call},
     contract, evm, function_selector,
-    storage::TopLevelStorage,
     stylus_proc::{public, sol_storage, SolidityError},
 };
 
@@ -112,11 +111,6 @@ sol_storage! {
     }
 }
 
-/// NOTE: Implementation of [`TopLevelStorage`] to be able use `&mut self` when
-/// calling other contracts and not `&mut (impl TopLevelStorage +
-/// BorrowMut<Self>)`. Should be fixed in the future by the Stylus team.
-unsafe impl TopLevelStorage for VestingWallet {}
-
 /// Required interface of a [`VestingWallet`] compliant contract.
 #[interface_id]
 pub trait IVestingWallet {
@@ -420,7 +414,7 @@ impl IVestingWallet for VestingWallet {
 
         let owner = self.ownable.owner();
 
-        call(Call::new_in(self).value(amount), owner, &[])?;
+        call(Call::new().value(amount), owner, &[])?;
 
         evm::log(EtherReleased { amount });
 

contracts/src/token/erc1155/mod.rs

@@ -9,7 +9,6 @@ use stylus_sdk::{
     call::{self, Call, MethodError},
     evm, function_selector, msg,
     prelude::{public, sol_storage, AddressVM, SolidityError},
-    storage::TopLevelStorage,
 };
 
 use crate::utils::{
@@ -189,11 +188,6 @@ sol_storage! {
     }
 }
 
-/// NOTE: Implementation of [`TopLevelStorage`] to be able use `&mut self` when
-/// calling other contracts and not `&mut (impl TopLevelStorage +
-/// BorrowMut<Self>)`. Should be fixed in the future by the Stylus team.
-unsafe impl TopLevelStorage for Erc1155 {}
-
 /// Required interface of an [`Erc1155`] compliant contract.
 #[interface_id]
 pub trait IErc1155 {
@@ -786,7 +780,7 @@ impl Erc1155 {
     /// interface id or returned with error, then the error
     /// [`Error::InvalidReceiver`] is returned.
     fn _check_on_erc1155_received(
-        &mut self,
+        &self,
         operator: Address,
         from: Address,
         to: Address,
@@ -798,7 +792,7 @@ impl Erc1155 {
         }
 
         let receiver = IERC1155Receiver::new(to);
-        let call = Call::new_in(self);
+        let call = Call::new();
         let result = match details.transfer {
             Transfer::Single { id, value } => receiver
                 .on_erc_1155_received(call, operator, from, id, value, data),

contracts/src/token/erc20/extensions/permit.rs

@@ -17,7 +17,6 @@ use alloy_sol_types::{sol, SolType};
 use stylus_sdk::{
     block,
     prelude::StorageType,
-    storage::TopLevelStorage,
     stylus_proc::{public, sol_storage, SolidityError},
 };
 
@@ -79,11 +78,6 @@ sol_storage! {
     }
 }
 
-/// NOTE: Implementation of [`TopLevelStorage`] to be able use `&mut self` when
-/// calling other contracts and not `&mut (impl TopLevelStorage +
-/// BorrowMut<Self>)`. Should be fixed in the future by the Stylus team.
-unsafe impl<T: IEip712 + StorageType> TopLevelStorage for Erc20Permit<T> {}
-
 #[public]
 impl<T: IEip712 + StorageType> Erc20Permit<T> {
     /// Returns the current nonce for `owner`.
@@ -174,7 +168,7 @@ impl<T: IEip712 + StorageType> Erc20Permit<T> {
 
         let hash: B256 = self.eip712.hash_typed_data_v4(struct_hash);
 
-        let signer: Address = ecdsa::recover(self, hash, v, r, s)?;
+        let signer: Address = ecdsa::recover(hash, v, r, s)?;
 
         if signer != owner {
             return Err(ERC2612InvalidSigner { signer, owner }.into());

contracts/src/token/erc20/utils/safe_erc20.rs

@@ -16,7 +16,6 @@ use stylus_sdk::{
     contract::address,
     evm::gas_left,
     function_selector,
-    storage::TopLevelStorage,
     stylus_proc::{public, sol_storage, SolidityError},
     types::AddressVM,
 };
@@ -80,11 +79,6 @@ sol_storage! {
     pub struct SafeErc20 {}
 }
 
-/// NOTE: Implementation of [`TopLevelStorage`] to be able use `&mut self` when
-/// calling other contracts and not `&mut (impl TopLevelStorage +
-/// BorrowMut<Self>)`. Should be fixed in the future by the Stylus team.
-unsafe impl TopLevelStorage for SafeErc20 {}
-
 /// Required interface of a [`SafeErc20`] utility contract.
 pub trait ISafeErc20 {
     /// The error type associated to this trait implementation.

contracts/src/token/erc721/extensions/consecutive.rs

@@ -31,7 +31,6 @@ use alloy_sol_types::sol;
 use stylus_sdk::{
     abi::Bytes,
     evm, msg,
-    prelude::TopLevelStorage,
     stylus_proc::{public, sol_storage, SolidityError},
 };
 
@@ -134,8 +133,6 @@ pub enum Error {
     ForbiddenBatchBurn(ERC721ForbiddenBatchBurn),
 }
 
-unsafe impl TopLevelStorage for Erc721Consecutive {}
-
 // ************** ERC-721 External **************
 
 #[public]

contracts/src/token/erc721/mod.rs

@@ -200,11 +200,6 @@ sol_storage! {
     }
 }
 
-/// NOTE: Implementation of [`TopLevelStorage`] to be able use `&mut self` when
-/// calling other contracts and not `&mut (impl TopLevelStorage +
-/// BorrowMut<Self>)`. Should be fixed in the future by the Stylus team.
-unsafe impl TopLevelStorage for Erc721 {}
-
 /// Required interface of an [`Erc721`] compliant contract.
 #[interface_id]
 pub trait IErc721 {
@@ -1108,7 +1103,7 @@ impl Erc721 {
     /// interface id or returned with error, then the error
     /// [`Error::InvalidReceiver`] is returned.
     pub fn _check_on_erc721_received(
-        &mut self,
+        &self,
         operator: Address,
         from: Address,
         to: Address,
@@ -1122,7 +1117,7 @@ impl Erc721 {
         }
 
         let receiver = IERC721Receiver::new(to);
-        let call = Call::new_in(self);
+        let call = Call::new();
         let result = receiver.on_erc_721_received(
             call,
             operator,

contracts/src/utils/cryptography/ecdsa.rs

@@ -8,7 +8,6 @@ use alloy_primitives::{address, uint, Address, B256, U256};
 use alloy_sol_types::{sol, SolType};
 use stylus_sdk::{
     call::{self, Call, MethodError},
-    storage::TopLevelStorage,
     stylus_proc::SolidityError,
 };
 
@@ -88,15 +87,14 @@ sol! {
 ///
 /// * If the `ecrecover` precompile fails to execute.
 pub fn recover(
-    storage: &mut impl TopLevelStorage,
     hash: B256,
     v: u8,
     r: B256,
     s: B256,
 ) -> Result<Address, Error> {
     check_if_malleable(&s)?;
     // If the signature is valid (and not malleable), return the signer address.
-    _recover(storage, hash, v, r, s)
+    _recover(hash, v, r, s)
 }
 
 /// Calls `ecrecover` EVM precompile.
@@ -123,7 +121,6 @@ pub fn recover(
 ///
 /// * If the `ecrecover` precompile fails to execute.
 fn _recover(
-    storage: &mut impl TopLevelStorage,
     hash: B256,
     v: u8,
     r: B256,
@@ -140,7 +137,7 @@ fn _recover(
     }
 
     let recovered =
-        call::static_call(Call::new_in(storage), ECRECOVER_ADDR, &calldata)
+        call::static_call(Call::new(), ECRECOVER_ADDR, &calldata)
             .expect("should call `ecrecover` precompile");
 
     let recovered = Address::from_slice(&recovered[12..]);

examples/ecdsa/src/lib.rs

@@ -21,7 +21,7 @@ impl ECDSAExample {
         r: B256,
         s: B256,
     ) -> Result<Address, Vec<u8>> {
-        let signer = ecdsa::recover(self, hash, v, r, s)?;
+        let signer = ecdsa::recover(hash, v, r, s)?;
         Ok(signer)
     }
 }