I have a question, what if I have a simple contract that has a public function "give something to this adress" and that will be called from a website
I will put it on-chain but will not verify it nor publish the abi or source code...
So, is there a way someone can decode the bytecode generated for my contract? Is there any way they can generate their own abi? And the last question: Can someone access the abi that I use on my webpage?
Solidity code is compiled into EVM bytecode. All compiled code can, at least in theory, be reverse-engineered.
Reverse-engineering any compiled code gives us the basic functionality in a very unreadable format (it's optimized, minimized and whatnot). Some more info can be found here: How can you decompile a smart contract?
Having spent a minute googling the issue, it looks like you can't get the ABI from just the bytecode: Can you obtain the ABI of a smart contract using the contract address and contract code? and How do you get a json file (ABI) from a known contract address?
Anyway, as a rule of thumb, don't assume ANY information you put into Ethereum blockchain to remain secret (unless it's encrypted in client-side and not decryptable in the blockchain).
