Attackathon _ Fuel Network 32937 - [Smart Contract - Insight] Fallback function can be directly called
Submitted on Sun Jul 07 2024 22:14:10 GMT-0400 (Atlantic Standard Time) by @rbz for
Report ID: #32937
Report type: Smart Contract
Report severity: Insight
Target: https://github.com/FuelLabs/sway/tree/v0.61.2
Impacts:
Contract fails to deliver promised returns, but doesn't lose value
The fallback function can be executed directly with caller-provided arguments, bypassing the usual requirement that it runs only when the contract selection process fails to match any existing ABI method.
The documentation states that fallback is triggered only when a transaction's data payload fails to match any function signature during "contract selection", or possibly when no data is sent at all. It does not mention that the function can be called directly, and it is unusual that the default fallback function can be invoked by name.
Additionally, the compiler does not stop you from compiling the following version of the contract, which produces a questionable ABI. Even though this does not seem to directly affect how the contract works, it can lead to confusion because the ABI does not accurately reflect the contract's behaviour. Other contracts or users might call the fallback function by mistake, thinking it is a regular one, which could cause unexpected problems.
Allowing direct calls to the fallback function muddies the waters between regular functions and the fallback, potentially causing confusion and misuse.
The fallback function is often designed to be lightweight due to gas limitations. Direct calls might encourage overuse, leading to higher gas costs.
It might make it harder to distinguish between intentional fallback calls and erroneous function calls.
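As an added illustration (not code from the report, the linked gist, or the Sway repository), the following contract shows the defensive shape a fallback should take given that it may be reached either by a failed method selection or by a direct call: it performs no state change and simply rejects the call, so neither entry path can be used to do anything the regular ABI methods do not already allow. The contract and its Counter ABI are assumed for the example.

```sway
contract;

// Added example, not part of report #32937 or the Fuel codebase.
// A regular ABI method with real behaviour, and a fallback that is
// deliberately side-effect free.
abi Counter {
    #[storage(read, write)]
    fn increment() -> u64;
}

storage {
    count: u64 = 0,
}

impl Counter for Contract {
    #[storage(read, write)]
    fn increment() -> u64 {
        let new_count = storage.count.read() + 1;
        storage.count.write(new_count);
        new_count
    }
}

// Documented trigger: contract selection found no matching ABI method.
// Per the report, this function can also be invoked by name, so it must
// not assume it only runs on a selector mismatch. Keeping it free of
// storage access and reverting with a fixed code means a direct call
// and a mis-addressed call behave identically and change nothing.
#[fallback]
fn fallback() {
    revert(1);
}
```

If the fallback has to do work (for example, accept plain transfers), keep that logic minimal and avoid any write that an ordinary ABI method would gate behind checks.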
https://docs.fuel.network/docs/sway/blockchain-development/calling_contracts/#fallback
https://gist.github.com/0xZRA/873b12ab2c66b21a013574a3e6f738b1