How do I add security to the smart contract?

by Mohamed Ismail   Last Updated August 14, 2018 05:28 AM

I deployed this contract and also interacted with it using ganache.

    pragma solidity ^0.4.0;

    contract Counter {
        int private count = 0;

        function incrementCounter() public {
            count += 1;
        }

        function decrementCounter() public {
            count -= 1;
        }

        function getCount() public constant returns (int) {
            return count;
        }
    }

However, when interacting with the contract, any account on Ganache can interact with it and use the function increment. How can I define only one account from Ganache to be able to change this function? I just want to add some security to the contract.

This is the link for the smart contract I followed: https://medium.com/crypto-currently/build-your-first-smart-contract-fc36a8ff50ca



Answers 3


Have a look at the Ownable library: https://github.com/OpenZeppelin/openzeppelin-solidity/blob/master/contracts/ownership/Ownable.sol. It gives you a modifier called onlyOwner which you can add to all the functions where you need to restrict the access.

Using the onlyOwner modifier blocks access from anyone but the owner. The owner is by default the one who created the contract.

There are also other alternatives to this but Ownable is probably the most widely-used and accepted solution.

Lauri Peltonen
August 14, 2018 05:44 AM
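
The owner-only pattern this answer describes, written inline as an added example (not part of the original answer and not the OpenZeppelin source). The contract name `OwnedCounter` and the revert messages are assumptions; the pragma is raised to `^0.4.24` so that `constructor`, `emit` and `require` with a message are all available.

```solidity
pragma solidity ^0.4.24;

// Added example: Ownable-style access control applied to the Counter contract.
contract OwnedCounter {
    int private count = 0;
    address public owner;

    // Logged on deployment and on every hand-over, so owner changes are auditable.
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    // The deploying account becomes the owner.
    constructor() public {
        owner = msg.sender;
        emit OwnershipTransferred(address(0), msg.sender);
    }

    // Reverts the whole call unless the caller is the current owner.
    modifier onlyOwner() {
        require(msg.sender == owner, "caller is not the owner");
        _;
    }

    function incrementCounter() public onlyOwner {
        count += 1;
    }

    function decrementCounter() public onlyOwner {
        count -= 1;
    }

    // Hand control to another account; the zero address is rejected because
    // nobody could ever call the restricted functions again.
    function transferOwnership(address newOwner) public onlyOwner {
        require(newOwner != address(0), "new owner is the zero address");
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }

    // Reading stays open to every account.
    function getCount() public view returns (int) {
        return count;
    }
}
```

On Ganache, a call to `incrementCounter` from any account other than the deployer reverts, while `getCount` remains callable by all accounts.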

You just need to add a modifier to the contract, then include the modifier wherever you want the added security. Below, the modifier isAdmin has been added to the incrementCounter and decrementCounter functions.

    pragma solidity ^0.4.0;

    contract Counter {
        int private count = 0;

        // Only the hard-coded address passes this check.
        // Replace the placeholder with the admin account's address.
        modifier isAdmin() {
            require(msg.sender == 0xYOUR-ADDRESS-HERE);
            _;
        }

        function incrementCounter() public isAdmin {
            count += 1;
        }

        function decrementCounter() public isAdmin {
            count -= 1;
        }

        // Reading the counter is not restricted.
        function getCount() public constant returns (int) {
            return count;
        }
    }

nyusternie
August 14, 2018 05:47 AM

You can add a constraint to your functions, like this:

    // The constructor keyword requires compiler version 0.4.22 or later.
    pragma solidity ^0.4.22;

    contract Counter {

        int private count = 0;
        address public admin;

        // Runs once at deployment: the deployer becomes the admin.
        constructor() public {
            admin = msg.sender;
        }

        function incrementCounter() public {
            require(msg.sender == admin);
            count += 1;
        }

        function decrementCounter() public {
            require(msg.sender == admin);
            count -= 1;
        }

        function getCount() public constant returns (int) {
            return count;
        }
    }

In the constructor, the admin is set to be the account that deployed the contract. Then, require(msg.sender==admin) will check whether the account trying to execute the functions is the admin of your system; if not, it will throw and the function will not be executed.

Hope this helps.

Jaime
August 14, 2018 10:03 AM
