Closed pcaversaccio closed 3 years ago
Hey @pcaversaccio,
Your code is probably fine. To give developers more awareness about parts of their code that potentially call out to external contracts we annotate lines that contain potential external calls. See release notes at https://github.com/ConsenSys/vscode-solidity-auditor/releases/tag/v0.1.0.
From your response I get that the ⚠️ sign might be too dramatic for this and can be confused with compiler warnings. Would be great to get more feedback from you on this. As for the feature, you can easily disable it in the settings as shown here:
@tintinweb thanks for the explanation. But one thing I still don't understand is, that the ⚠️ sign disappears once I remove {gas: req.gas}
. But obviously, it still remains an external call:
Generally, I don't mind having such a sign but having information on the warning (via e.g. a tooltip would be great). My problem here was that I had no indication at all when I hovered over the icon nor any indication in the code.
@pcaversaccio our best effort approach doesn't yet support detection of external calls in struct members unless it is clear that it is an external call from other indicators (e.g. because of call specific settings {}
).
I see - will close the issue now. Thx for elaborating on this issue.
Ah yeah, regarding the tooltip. When hovering over the. call
ort to
you should see a message popping up saying "EXTCALL". This is obviously not very helpful if you don't know what is triggering the icon.
I'll figure out how to best address this 🤔 because I think there is no way to provide a hover message in the gutter.
Just one add-on comment: since I've added // solhint-disable-next-line avoid-low-level-calls
to the code (i.e. I'm aware of what I'm doing) the extension could remove the warning.
Ah yeah, regarding the tooltip. When hovering over the.
call
ortto
you should see a message popping up saying "EXTCALL". This is obviously not very helpful if you don't know what is triggering the icon.I'll figure out how to best address this 🤔 because I think there is no way to provide a hover message in the gutter.
I even don't get this message (this is probably triggered by the other solidity extension):
Maybe it's better to remove the signs in the gutter and add the information directly in the code, e.g. a colored square around the triggering keyword...
I get a yellow exclamation mark next to a low-level call. There is no further information when I hover over it nor any problems/warnings logged.
Trigger: it's the parameters in the curly brackets (in my case
{gas: req.gas}
) that cause the warning. If you remove these arguments, everything disappears.Does someone have idea how to fix this (the code compiles also w/o any warnings):
![image](https://user-images.githubusercontent.com/25297591/123170696-1c8cfd80-d47b-11eb-8848-9f0bb7060939.png)
Also see: https://github.com/juanfranblanco/vscode-solidity/issues/257 for a smart contract to replicate the warning.