0

Any transaction happening on the blockchain obviously has an associated sender address, which Solidity stores in msg.sender.

However, if I have a view function which can be used to read the state from anywhere, is it still guaranteed that msg.sender exists? Or could my view function have been used from an outside call that is not associated with an Ethereum address?

Furthermore, does that mean that all users of my smart contract have to have their own eth address, or can they use my view functions without one?

Fly
  • You can call view functions without an address. – trizin Sep 16 '21 at 21:17
  • @trizin I see, thanks. Can you see, in the function, if it was called with or without an address? I assume msg.sender == address(0x0) would suffice? What if it does get called with an address: Does the function remain "free"? As in, can someone use the view function without paying gas fees even though msg.sender exists? I'm asking because I would like to use the address as some kind of authentication method that determines what results to send back. – Fly Sep 16 '21 at 21:27
  • If it gets called without an address, msg.sender will be 0x0000000000000000000000000000000000000000; otherwise it will be the caller's address. – trizin Sep 16 '21 at 21:40
  • @trizin And can I call the function WITH an address WHILE not paying gas fees? I know that transactions (which modify the blockchain) will always pay gas regardless of which types of functions are used, but external calls don't - but if external calls don't contain the sender, then authentication becomes difficult – Fly Sep 17 '21 at 18:30
  • You never pay gas fees when calling a view function. – trizin Sep 17 '21 at 18:35
  • @trizin A post I read on this stackexchange says otherwise (Not the one I mean, but similar: https://ethereum.stackexchange.com/questions/52885/view-pure-gas-usage-cost-gas-if-called-internally-by-another-function/52887 ). If it gets called within a transaction that changes state, it will cost gas fees - But by definition, a transaction (as opposed to a call) changes state, since it gets logged to the blockchain. But now it looks like there is no other way to get a sender's address than through a transaction, which makes me think that it's impossible for someone to query info while staying anon – Fly Sep 17 '21 at 18:41
  • You need to make a transaction to write data on the chain. You cannot hide the address of the wallet that is making the transaction. – trizin Sep 17 '21 at 21:56

1 Answer

1

When a function is executed off-chain, msg.sender could be anything. Since no changes are persisted on the blockchain, the execution is just a simulation.

If a view function is executed on-chain as part of a transaction, then msg.sender is always a valid address.

Ismael
  • But that means it HAS to be part of a transaction for the sender to exist, correct? Which, in turn, means that my view function is no longer free, right? I guess what confuses me, is that when thinking of blockchain services (whether it be games or something else) (And yes, I realize that most of those things are still impossible because the gas fees are just batshit insane), I want users to be able to view different things based on who they are - for example, view some data they previously uploaded. But optimally I would like at least the viewing to be free... – Fly Sep 17 '21 at 18:29
  • @Fly If you want to make a change to the contract then it has to be a transaction; within a transaction you pay for a view function execution. To query data from a contract you don't need to modify it, so view functions are executed off-chain and they don't have to pay gas. Those off-chain calls are simulated by the web3 provider with an arbitrary msg.sender, for example it could be the default account in metamask, or any address-like value. – Ismael Sep 17 '21 at 22:17
  • I think one strategy to protect view functions from being called by anybody is to require the caller to sign some random data and then validate that the signature is correct by extracting it from the signed document and comparing to msg.sender. You can avoid transaction fees, but still be assured that msg.sender is who they claim to be. – GGizmos Apr 22 '22 at 02:38
  • @GGizmos I'd suggest to create a new question how to secure a view function. – Ismael Apr 22 '22 at 04:48
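
An added example, not code from any poster in this thread: a view function that trusts msg.sender next to a variant that checks a signature, along the lines of the last comments. The contract name `Notes`, the functions `store`, `myNote` and `noteOf`, and the signed message layout are assumptions; the "random data" is swapped here for an expiry-bound message tied to the contract and chain.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; contract and function names are hypothetical.
contract Notes {
    mapping(address => string) private notes;

    function store(string calldata text) external {
        // On-chain transaction: msg.sender is the account that signed it.
        notes[msg.sender] = text;
    }

    // Weak: in an off-chain call the sender is whatever the caller supplies
    // (or address(0) if omitted), so this check identifies nobody.
    function myNote() external view returns (string memory) {
        return notes[msg.sender];
    }

    // Signature-based variant: the reader proves control of `user` by signing
    // a message bound to this contract and chain; msg.sender is ignored.
    function noteOf(
        address user,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external view returns (string memory) {
        require(block.timestamp <= deadline, "signature expired");
        bytes32 inner = keccak256(
            abi.encode(block.chainid, address(this), user, deadline)
        );
        // Prefix applied by wallets when signing a 32-byte message.
        bytes32 digest = keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", inner)
        );
        address signer = ecrecover(digest, v, r, s);
        // ecrecover returns address(0) for an invalid signature.
        require(signer != address(0) && signer == user, "bad signature");
        return notes[user];
    }
}
```

A view call cannot record that a signature was used, so the signature stays valid until `deadline` for anyone who obtains it. `private` storage is also still readable directly from chain state, so this gates the function, not the data.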