Common use of Solidity Function Calls Clause in Contracts

Solidity Function Calls. ‌ Nested function calls in Solidity are the reason behind several identified vulner- abilities. We briefly describe how a smart contract can call a function of another contract or delegate execution. More information can be found in the Solid- ity documentation [46]. Firstly, a contract can call functions defined in another contract: – addressOfContract .call(data): Low-level call, for which the name and ar- guments of the invoked function must be specified in data according to the Ethereum ABI. The call method returns Boolean true if the execution was successful (or if there is no contract at the specified address) and false if it failed (e.g., if the invoked function threw an exception). – contract .function(arg1 , arg2 , ...): High-level call10, which may return a value as output on success. If the invoked method fails (or does not exist), an exception is raised in the caller, which means that all changes made by the caller are reverted, and the exception is automatically propagated up in the call hierarchy. If the function specified for call does not exist, then the fallback function of the callee is invoked. The fallback function does not have a name11 and argu- ments, and it cannot return anything. A contract can have at most one fallback function, and no function is executed if a fallback is not found (note that this does not constitute a failure). The fallback function is also invoked if ether12 is sent to the contract using one of the two methods: – addressOfContract .send(amount ): Sends the specified amount of currency to the contract, invoking its fallback function (if there exists one). If send fails (e.g., if the fallback function throws an exception), then it returns Boolean false; otherwise, it returns true. – addressOfContract .transfer(amount ): Similar to send, but raises an ex- ception on failure, which is handled similar to a high-level function call fail- ure. Finally, a contract can also “delegate” execution to another contract using ad- dressOfContract .delegatecall(data). Delegation is similar to a low-level call, but there is a fundamental difference: in this case, the function specified by data is executed in the context of the caller (e.g., the function will see the contract variables of the caller, not the callee). In other words, contracts may “borrow code” from other contracts using delegatecall, which enables the creation of libraries.