Skip to content

Commit

Permalink
docs(world): add comments for prohibitDirectCallback modifier (#2312)
Browse files Browse the repository at this point in the history
Co-authored-by: Kevin Ingersoll <[email protected]>
  • Loading branch information
yonadaaa and holic authored Feb 28, 2024
1 parent ad0c5ad commit 462c9ec
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 1 deletion.
5 changes: 4 additions & 1 deletion docs/pages/world/reference/world.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,10 @@ constructor();

#### prohibitDirectCallback

_Prevents the World contract from calling itself._
_Prevents the World contract from calling itself.
If the World is able to call itself via `delegatecall` from a system, the system would have root access to context like internal tables, causing a potential vulnerability.
Ideally this should not happen because all operations to internal tables happen as internal library calls, and all calls to root systems happen as a `delegatecall` to the system.
However, since this is an important invariant, we make it explicit by reverting if `msg.sender` is `address(this)` in all `World` methods._

```solidity
modifier prohibitDirectCallback();
Expand Down
3 changes: 3 additions & 0 deletions packages/world/src/World.sol
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,9 @@ contract World is StoreData, IWorldKernel {

/**
* @dev Prevents the World contract from calling itself.
* If the World is able to call itself via `delegatecall` from a system, the system would have root access to context like internal tables, causing a potential vulnerability.
* Ideally this should not happen because all operations to internal tables happen as internal library calls, and all calls to root systems happen as a `delegatecall` to the system.
* However, since this is an important invariant, we make it explicit by reverting if `msg.sender` is `address(this)` in all `World` methods.
*/
modifier prohibitDirectCallback() {
if (msg.sender == address(this)) {
Expand Down

0 comments on commit 462c9ec

Please sign in to comment.