Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Linter] Warn on pub let for dictionaries, arrays, capabilities, and structs with publicly callable functions #431

Open
rheaplex opened this issue Aug 18, 2021 · 0 comments
Open

[Linter] Warn on pub let for dictionaries, arrays, capabilities, and structs with publicly callable functions #431

rheaplex opened this issue Aug 18, 2021 · 0 comments
Labels
Feature Feedback Good First Issue

Comments

@rheaplex
Copy link

Cadence's access control may surprise the unwary in several ways:

  • The content of pub let dictionaries and arrays can be mutated by anyone who can access them.
  • pub let Capabilities can be copied and this may be undesirable.
  • pub let struct member variables that expose any of the above, and/or have public functions, may surprise the unwary in any of these ways.

The Cadence documentation does describe these scenarios, but they can be serious enough that it is probably worth catching them in the compiler and emitting a warning.

(I thought there was a ticket for this, but I cannot locate it. 😺)
@turbolent turbolent removed their assignment Sep 23, 2022
@turbolent turbolent changed the title Warn on pub let for dictionaries, arrays, capabilities, and structs with publicly callable functions [Linter] Warn on pub let for dictionaries, arrays, capabilities, and structs with publicly callable functions Sep 26, 2024
@turbolent turbolent transferred this issue from onflow/cadence Sep 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature Feedback Good First Issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rheaplex @turbolent