arajasek
commented
5 years ago Hey, thanks for the issue!
While I see your point, I think the docs are primarily aimed at the simple case where new developers are using our tooling to generate the main method of their main class. If contract writers are providing their own main, then we're assuming they understand enough to interpret the Blockchain.getData() information as appropriate.
I don't think this poses a security threat, though.
@jennijuju it might be a good idea to make it explicit that the tooling that generates the main method is only activated if no main method is provided, and so new developers relying on @Callable should NOT provide a main method.
jennijuju
fulldecent
In developers/fundamentals/avm-concepts/callable-functions/
It is documented that @callable is used to annotate a function as callable from outside of the contract.
This is inexact. Actually, @callable annotates a main function which handles all incoming calls and that main function routes calls. But actually you can override that main function, therefore invalidating the claim that @callable functions are actually callable and non-callable functions are not callable.
I consider this a security issue.