If you look closely at the previous example, you will notice that it is somewhat dangerous. What happens if some user tries to send a HiFromChild message and impersonate a child? What happens if some user tries to send a HiFromParent message and impersonate the parent?

To authenticate that messages really came from where we think they came from, we simply add a require() at the beginning of every protected receiver and check that the sender is who we expect it to be. It is best practice to add this authentication to every message coming from a parent and every message coming from a child.

Try pressing the Send HiFromChild{1} button. This will send the parent an impersonated HiFromChild message that comes from some user, not from a real child. Since this code is now protected, it will notice that the sender is incorrect and reject the message with an access denied error.

import "@stdlib/deploy";

// first contract
contract Todo1 with Deployable {

    seqno: Int as uint64 = 1; // the code specifies the index (sequence number)

    init() {}

    get fun myAddress(): Address {
        return myAddress();
    }

    get fun otherAddress(): Address {
        let init: StateInit = initOf Todo2();
        return contractAddress(init);
    }
}

// second contract
contract Todo2 with Deployable {

    seqno: Int as uint64 = 2; // the code specifies the index (sequence number)

    init() {}

    get fun myAddress(): Address {
        return myAddress();
    }

    get fun otherAddress(): Address {
        let init: StateInit = initOf Todo1();
        return contractAddress(init);
    }
}
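
The sender checks described above, written out as an added example (not code from the original page). The contract names Child and Parent, the message fields fromSeqno and greeting, and the lastSeqno state are assumptions made for illustration; only the HiFromChild and HiFromParent message names come from the text.

```tact
import "@stdlib/deploy";

// Message layouts are assumed for this example.
message HiFromParent { greeting: String; }
message HiFromChild { fromSeqno: Int as uint64; greeting: String; }

// Hypothetical child. Its init data binds it to one parent and one seqno,
// so its address is determined by (code, parent, seqno).
contract Child {
    parent: Address;
    seqno: Int as uint64;

    init(parent: Address, seqno: Int) {
        self.parent = parent;
        self.seqno = seqno;
    }

    receive(msg: HiFromParent) {
        // First statement of the protected receiver:
        // reject anything not sent by the parent fixed at deployment.
        require(sender() == self.parent, "Access denied");
        self.reply(HiFromChild{fromSeqno: self.seqno, greeting: "sup"}.toCell());
    }
}

// Hypothetical parent. It stores no child addresses; it recomputes them.
contract Parent with Deployable {
    lastSeqno: Int as uint64 = 0;

    init() {}

    receive(msg: HiFromChild) {
        // msg.fromSeqno is supplied by the sender, so it is only a claim.
        // Derive the address a real child with that seqno must have
        // and compare it with the actual sender before touching state.
        let expected: Address = contractAddress(initOf Child(myAddress(), msg.fromSeqno));
        require(sender() == expected, "Access denied");
        self.lastSeqno = msg.fromSeqno;
    }

    get fun lastGreeter(): Int {
        return self.lastSeqno;
    }
}
```

Because the parent's own address is part of each child's init data, a contract deployed by anyone else with the same code gets a different address and fails the comparison.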