Address: explain dangers of isContract (#2994)

Co-authored-by: Ivo Georgiev <ivo@strem.io>

Address: explain dangers of isContract (#2994)
Co-authored-by: Ivo Georgiev <ivo@strem.io>
04109f8b · Francisco Giordano · 8ef7655e · 04109f8b
Commit 04109f8b authored Dec 08, 2021 by Francisco Giordano
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 0 deletions

Address.sol contracts/utils/Address.sol +9 -0

No files found.
--- a/contracts/utils/Address.sol
+++ b/contracts/utils/Address.sol
@@ -23,6 +23,15 @@ library Address {
     *  - an address where a contract will be created
     *  - an address where a contract lived, but was destroyed
     * ====
+     *
+     * [IMPORTANT]
+     * ====
+     * You shouldn't rely on `isContract` to protect against flash loan attacks!
+     *
+     * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
+     * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
+     * constructor.
+     * ====
     */
    function isContract(address account) internal view returns (bool) {
        // This method relies on extcodesize, which returns 0 for contracts in