Who can execute public functions of smart contract in solidity?

0
votes

I'm developing my first smart contract and I'm little concerned about security. I took ERC20.sol contract as a template and there is a function

function approve(address spender, uint256 amount) public returns (bool) {
    _approve(_msgSender(), spender, amount);
    return true;
}

After I deploy the contract, who is default owner of the contract? Can anyone else use this contract and this public function to approve spender amounts w/o any restrictions? Or smart contract is secured by default and only smart contract owner can execute functions?

I know I can use Ownable.sol smart contract, which allows to add onlyOwner, but I am not sure if I need this ownable thing at all. Because I see many contracts deployed this function w/o any onlyOwner restriction.

So, who can execute smart contract public/external functions?

let contract = web3.eth.contract(minABI).at(tokenAddress);
contract.approve(address(hacker_address), 10000000);

Can random user approve amount for himself or someone else?

1
blockchainethereumsoliditysmartcontracts

1 Answers

1
votes

who is default owner of the contract

By default, contracts are not owned by anyone.

Can anyone else use this contract and this public function to approve spender amounts w/o any restrictions?

You need to read internal _approve() function logic to understand how it works and you will find how it works and what are the restrictions.

So, who can execute smart contract public/external functions?

Anyone.

I know I can use Ownable.sol smart contract, which allows to add onlyOwner,

This is not related to approve(). You need to also read ERC-20 spec and first understand what approve() does.