Post
Share your knowledge.
Access Control in Move Module : Restricting Field Observation Based on Ownership
I'm wondering if it's permissible to access an object's fields like in Solidity if the owner of the object is not the sender of the transaction. For instance, consider the following code snippet:
public entry fun observe(obj: &CustomStruct, ctx: &mut TxContext) {
// ...
}
In this function, if the owner of the obj provided as input is not the same as the sender of the transaction, does this violate any Solidity rules or restrictions? Would attempting to access the fields of the obj be considered illegal in this context? Thank you for your clarification.
- Move
- Smart Contract
Answers
2Absolutely, you're on the right track. In Move, accessing an object's fields from a different Move module requires careful consideration of module boundaries. If you have an object, say X, declared in module A, and you want to access X's data in module B, you need to define accessor functions within module A. These functions will act as bridges, allowing controlled access to X's data.
This access control is based on Move module boundaries, not necessarily on whether the sender is the owner of the object. Move's approach to object ownership is strict, and external modules can only gain access to objects through predefined functions provided by the owning module.
Therefore, ensure that you have appropriate accessor functions defined in the module where the object is declared (module A in your case). These functions will enable controlled access to the object's fields from other modules, maintaining the integrity and security of your codebase.
In Solidity, there are no restrictions on reading an object's fields if the owner of the object is not the sender of the transaction. The sender of the transaction can read any public state variables of a contract. However, they can only modify the state variables if they have the appropriate permissions.
In your provided code snippet, the observe function is trying to access the fields of a CustomStruct object. If the CustomStructobject is defined as a public state variable in a contract, any user can call the observe function and read the fields of the CustomStructobject. The sender of the transaction does not need to be the owner of the CustomStructobject.
Here is an example of how you might define a CustomStructobject and an observe function in Solidity:
pragma solidity ^0.8.4;
contract MyContract {
struct CustomStruct {
uint data;
}
CustomStruct public obj;
function observe() public view returns (uint) {
return obj.data;
}
}
In this example, the observe function returns the data field of the obj object. Any user can call the observe function and read the data field of the obj object, regardless of who owns the obj object.
However, if the CustomStructobject is not defined as a public state variable, the sender of the transaction cannot access its fields. In that case, you would need to provide a public function in the contract that returns the fields of the CustomStruct object.
Please note that while the sender of the transaction can read any public state variables of a contract, they can only modify the state variables if they have the appropriate permissions. For example, you can use the onlyOwner modifier to restrict the modification of state variables to the owner of the contract fravoll.github.io.
Do you know the answer?
Please log in and share it.
Move is an executable bytecode language used to implement custom transactions and smart contracts.
- ... SUIderiss+5
- ... SUIRamirez+5
- ... SUIElvin CLONE +5
- ... SUI
- ... SUI
- ... SUI
- ... SUIBritain+2