Address: explain dangers of isContract (#2994)

Co-authored-by: Ivo Georgiev <ivo@strem.io>
3 years ago · 04109f8bee
parent 8ef7655e7b
commit 04109f8bee
1 changed files with 9 additions and 0 deletions
--- a/contracts/utils/Address.sol
+++ b/contracts/utils/Address.sol
@ -23,6 +23,15 @@ library Address {
     *  - an address where a contract will be created
     *  - an address where a contract lived, but was destroyed
     * ====
+     *
+     * [IMPORTANT]
+     * ====
+     * You shouldn't rely on `isContract` to protect against flash loan attacks!
+     *
+     * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
+     * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
+     * constructor.
+     * ====
     */
    function isContract(address account) internal view returns (bool) {
        // This method relies on extcodesize, which returns 0 for contracts in