0

I already have searched for my question on Stack Overflow and on the documentation (https://docs.soliditylang.org/en/develop/contracts.html#visibility-and-getters), but I am not sure of the answer.

To better explain my answer, I have created an example:

pragma solidity ^0.8.17;

contract A{
    bool public dummy;

    function setDummy (bool x) public{
        dummy = x;
    }

    function getDummy () public view returns(bool){
        return dummy;
    }
}


contract B {
    A public aContract;

    function initialize () public{
        aContract = new A();
    }
}

If I deploy B and call initialize, I can see the address of aContract. This means that I can interact with the aContract(like calling setDummy) without passing by B.

I do not want this behavior!

I would like that only B can call aContract. Does make aContract private solve this problem? Or I need to make some restriction like onlyOwner on setDummy?

I do not know if making aContract private still leave some vulnerabilities.

Thank You!

Improve this question

1 Answer 1

Reset to default
0

Using the new keyword in Solidity will create a new instance of your contract just as if you had deployed it from your EOA. There is no solidity language feature to restrict visibility of the deployed contract. You will have to implement yourself the access control you need.

A typical pattern in Solidity is to make the contract have an "owner" which is the only address authorized to call certain functions. For example it can be implemented with the Ownable abstract contract from Openzeppelin. With the code below the owner will be set by the Ownable constructor to the deployer address, which in your case will be your B contract instance. And the onlyOwner keyword restricts setDummy so that it can only be called by the owner

import "@openzeppelin/contracts/ownership/Ownable.sol";

contract A is Ownable {

    bool public dummy;

    function setDummy (bool x) public onlyOwner {
        dummy = x;
    }

    function getDummy () public view returns (bool) {
        return dummy;
    }
}
Improve this answer
2
  • Thank you. So the private visibility when using the new keyword have no real use.
    – luca gualandi
    Commented Feb 20, 2023 at 10:01
  • @lucagualandi it will prevent easily reading the content of the variable through e.g. etherscan but doesn't otherwise add any access control to the deployed A contract instance
    – Samuel Peter
    Commented Feb 20, 2023 at 11:48

Not the answer you're looking for? Browse other questions tagged or ask your own question.