Description

Authorized references (references with the auth keyword) allow downcasting, e.g. a restricted type to its unrestricted type, so should only be used in some specific cases. The subtype or unrestricted type could expose functionality that was not intended to be exposed.

Do not use authorized references when exposing functionality. For example, the fungible token standard provides an interface to get the balance of a vault, without exposing the withdrawal functionality.

https://developers.flow.com/cadence/anti-patterns#auth-references-and-capabilities-should-be-avoided

Acceptance criteria

• Linter warns the user when authorized references are defined for public capabilities or types
• Guidance to best practice is provided in the warning message