Address: explain dangers of isContract (OpenZeppelin#2994)

Co-authored-by: Ivo Georgiev <ivo@strem.io>
zjhdoit · Dec 8, 2021 · 04109f8 · 04109f8
1 parent 8ef7655
commit 04109f8
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/contracts/utils/Address.sol b/contracts/utils/Address.sol
@@ -23,6 +23,15 @@ library Address {
      *  - an address where a contract will be created
      *  - an address where a contract lived, but was destroyed
      * ====
+     *
+     * [IMPORTANT]
+     * ====
+     * You shouldn't rely on `isContract` to protect against flash loan attacks!
+     *
+     * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
+     * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
+     * constructor.
+     * ====
      */
     function isContract(address account) internal view returns (bool) {
         // This method relies on extcodesize, which returns 0 for contracts in