|
|
|
|
@ -60,13 +60,13 @@ abstract contract ERC20Snapshot is ERC20 { |
|
|
|
|
* |
|
|
|
|
* Emits a {Snapshot} event that contains the same id. |
|
|
|
|
* |
|
|
|
|
* {_snapshot} is `internal`: you must decide how to expose it externally. This can be done both by |
|
|
|
|
* guarding it with a system such as {AccessControl}, or by leaving it open to the public. |
|
|
|
|
* {_snapshot} is `internal` and you have to decide how to expose it externally. It's usage may be restricted to a |
|
|
|
|
* set of accounts, for example using {AccessControl}, or it may be open to the public. |
|
|
|
|
* |
|
|
|
|
* [WARNING] |
|
|
|
|
* ==== |
|
|
|
|
* While an open way of calling {_snapshot} is required for certain trust minimization mechanisms such as forking, |
|
|
|
|
* you must consider that it can potentially be used by attackers in two ways. |
|
|
|
|
* you must consider that it can potentially be used by attackers in two ways. |
|
|
|
|
* |
|
|
|
|
* First, it can be used to increase the cost of retrieval of values from snapshots, although it will grow |
|
|
|
|
* logarithmically thus rendering this attack ineffective in the long term. Second, it can be used to target |
|
|
|
|
|
Francisco Giordano
5 years ago