Vyper: Make the default function visibility internal
Currently, functions are public by default in Viper.
This has security implications, especially when refactoring code (see for example, the parity multisig wallet vulnerability)
My suggestion is to make the default internal, and require a @public annotation to make the function public.
Thoughts?
maraoz
All 5 comments
Solidity defaults to public, I think this is an okay as is since we have @internal and @constant. Most functions you'd design will probably be publicly available.
@DavidKnott do you agree?
fubuloubu
on 18 Oct 2017
@fubuloubu I prefer having internal as the default function visibility for viper because it seems more in line with viper's core values. Clearly it might come as a surprise to some developers but I think it's well worth it for the added safety it will provide.
DavidKnott
on 19 Oct 2017
@DavidKnott I agree. Does that mean getting rid of @internal and introducing @public?
seed
on 25 Oct 2017
@vbuterin thoughts? I feel like having internal visibility by default could have prevented hacks like Rubixi or even Parity Wallet.
maraoz
on 29 Oct 2017
@maraoz We decided to not have defaults and require explicit visibility on all methods. Thanks a lot for creating this issue 馃憤
DavidKnott
on 16 Nov 2017
Related issues
travs
路
3Comments
ben-kaufman
路
3Comments
haydenadams
路
3Comments
ben-kaufman
路
4Comments
lsaether
路
4Comments
Most helpful comment
@fubuloubu I prefer having
internalas the default function visibility for viper because it seems more in line with viper's core values. Clearly it might come as a surprise to some developers but I think it's well worth it for the added safety it will provide.