aionnetwork / aion-docs

Documentation for the Aion Network.
MIT License
9 stars 8 forks source link

@callable not properly documented #52

Closed fulldecent closed 5 years ago

fulldecent commented 5 years ago

In developers/fundamentals/avm-concepts/callable-functions/

It is documented that @callable is used to annotate a function as callable from outside of the contract.

This is inexact. Actually, @callable annotates a main function which handles all incoming calls and that main function routes calls. But actually you can override that main function, therefore invalidating the claim that @callable functions are actually callable and non-callable functions are not callable.

I consider this a security issue.

arajasek commented 5 years ago

Hey, thanks for the issue!

While I see your point, I think the docs are primarily aimed at the simple case where new developers are using our tooling to generate the main method of their main class. If contract writers are providing their own main, then we're assuming they understand enough to interpret the Blockchain.getData() information as appropriate.

I don't think this poses a security threat, though.

@jennijuju it might be a good idea to make it explicit that the tooling that generates the main method is only activated if no main method is provided, and so new developers relying on @Callable should NOT provide a main method.

jennijuju commented 5 years ago

Thanks @arajasek and @fulldecent . I will add an explanation/note to make it more clearer.

fulldecent commented 5 years ago

Documentation is now public, adding a link :-)

https://docs.aion.network/docs/callable-functions