I'm new to Solidity, and I am focused on learning to write secure code. Is there a way to check a smart contract variable for its type? If I have the following function:
function setNewToken(address _newToken) external onlyOwner {
tokenAddress = _newToken;
}
Is there a way to check the type of the smart contract associated with the address passed as a parameter?
Does this example effectively function as a check?
function setNewToken(TokenType _newToken) external onlyOwner {
token = _newToken;
}
My main concern with this question is to add an additional layer of security, if it's useful. My assumption is that by ensuring the contract that is passed in the call is the right type, it prevents certain kinds of attacks. Am I off base?
Best Answer
The solidity contract type (in your case
TokenType) does not perform any runtime checks and is primarily for compile time type enforcements.As @Ismael mentioned the best solution right now is EIP-165. This EIP allows contracts to return of they support specific interfaces.
A very explicit way is to check the code hash of a contract and only allow contracts with specific code hashes, but this is very limited (and might not work for every contract)