Rust Smart Contracts Development Diary (7) Contract Security and Access Control

This article will introduce the relevant content of permission control in Rust smart contracts from two perspectives:

• Visibility of contract methods (functions) access/call
• Access control/responsibility division of privileged functions

1. Contract Function (Method) Visibility

When writing smart contracts, the visibility of contract functions can be specified to control the permissions for calling those functions, protecting key parts of the contract from being accessed or manipulated arbitrarily.

Taking the Bancor Network exchange as an example, on June 18, 2020, the exchange experienced a security incident due to incorrect access control settings for the key functions of the smart contracts. This contract was written in Solidity, and the visibility of the contract functions is divided into public/external and private/internal. The former allows the contract functions to be called by external callers.

When modifying a security vulnerability, due to negligence, some key transfer functions in the contract were mistakenly set to public, allowing anyone to call these functions from outside the contract to perform transfer operations, putting users' $590,000 assets at serious risk.

In Rust smart contracts, it is also important to pay attention to the visibility control of contract functions. The Rust smart contract functions decorated with the #[near_bindgen] macro defined by the NEAR SDK have the following different visibility attributes:

• pub fn: Indicates that this method is public, part of the contract interface, and can be called from outside the contract.
• fn: If pub is not explicitly specified, it means that it cannot be called directly from outside the contract and can only be called internally by other functions within the contract.
• pub(crate) fn: Equivalent to pub(in crate), limiting method calls to within the crate's internal scope.

Another way to set the contract method as internal is to define a separate impl Contract code block in the contract, which is not modified by #[near_bindgen].

For the callback (Callbacks) function, its definition must be set to public, but it needs to ensure that it can only be called by the contract itself. The NEAR SDK provides the #[private] macro to achieve this functionality.

It should be noted that in Rust language, everything is private by default, except for the sub-items in pub Trait and the Enum variables in pub Enum, which are public by default.

2. Access Control for Privileged Functions(Whitelist Mechanism)

In addition to function visibility control, a complete access control whitelist mechanism needs to be established from the contract semantic level. Certain privileged functions ( such as contract initialization, enable/pause, unified transfer, etc. ) can only be called by the contract owner ( owner ), and these functions are commonly referred to as "only owner" functions.

Although these key functions must be set as public attributes, access control rules can be defined for them, and only those who meet the corresponding rules can execute them completely. In Rust smart contracts, a custom Trait similar to the onlyOwner modifier in Solidity can be implemented:

rust pub trait Ownable { fn assert_owner(&self) { assert_eq!(env::predecessor_account_id(), self.get_owner()); } AccountId; fn set_owner(\u0026mut self, owner: AccountId); }

This trait can be used to implement access control for privileged functions in the contract, requiring the caller to be the contract owner. Based on this principle, more complex modifiers or traits can be customized to set multiple users in a whitelist or establish multiple whitelists to achieve fine-grained group access control.

3. More Access Control Methods

Other access control methods in Rust smart contracts include:

• Control of the timing for calling smart contracts
• The multi-signature calling mechanism of contract functions
• Governance(DAO) implementation

These contents will be introduced in the subsequent articles of this series of smart contracts cultivation diaries.