17

In a smart contract, if we make a member variable public:

Question 1: Can a malicious party write a transaction/contract and change the value/state of the public variable in the contract?

Question 2: Would the problem be solved by only turning public to private?

For instance, if in a contract we have:

address private owner;

and in the contract constructor we have:

 owner = msg.sender;

then we have a getter function like:

get_owner() returns (address){
  return owner;

}

then nobody can change owner, but if have

address public owner;

someone may change it later on?

But if we have a getter function as above, MyEtherWallet (to interact with a contract on testrpc) does not read/return owner, unless we turn public owner to a private one.

Question 3: Why MyEtherWallet does not return a value, for the getter functions that we write?

CJ42
  • 136
  • 7
Aydin
  • 2,117
  • 6
  • 25
  • 41

1 Answers1

33
  1. No. For public variables with a global scope within a contract, only getters for those variables are automatically created by the compiler, not setters.
  2. Because of the first answer, this does not apply.
  3. About MyEtherWallet I can't understand the issue, but it should be able to automatically show all public functions of the contract (getters included), like other tools do (i.e. remix). Please note that usually a ÐApp expose functions reading the ABI of the contract. The ABI in any case is always provided by the user (for some famous contract MEW can suggest to the user a known ABI)

You can find more useful information about variables and functions visibility in the official documentation.

Giuseppe Bertone
  • 5,487
  • 17
  • 25