search

flow-usdc / flow-usdc

A FungibleToken-compatible fiat coin on the Flow blockchain, ERC20-alike with additional support for pausing and blocklisting.
MIT License
20 stars 15 forks source link

BUG: Array and Dictionary Fields should not be `pub` #54

Closed joshuahannan closed 3 years ago

joshuahannan commented 3 years ago

Many of the fields in the usdc contract are public, which is normally ok for most types, but composite types, arrays, and dictionaries should be some form of private (access(contract) or access(self)) so that their fields cannot be assigned to.

For example, the blocklist in the main contract would be able to be modified by anyone, since it is a public dictionary.

You should define getters and setters that explicitly define the access that you want different scopes to have. There are many more examples of this in the contracts.

See the Flow Docs for more context

aphelionz commented 3 years ago

@joshuahannan @whalelephant can this be closed?

aphelionz commented 3 years ago

Closing this for now, please let me know if it should be re-opened.

joshuahannan commented 3 years ago

yes. 👍