Proposal for Secure Inter-SC Calling Protocol
In recent discussions, concerns have been raised regarding the inter-SC calling mechanism. The primary issue revolves around the potential for malicious actors to modify data if granted writing permissions across different smart contracts (SCs).
The current inter-SC calling system allows for potential vulnerabilities, where one could modify or write data on another SC. This poses significant security and integrity concerns.
To address this issue, we propose implementing a read-only protocol for inter-SC interactions:
When an SC imports data from another SC, it should be immutable. In other words, the imported data cannot be altered by the receiving SC.
The SCs should strictly be used for reading data and not for any other functionalities during these interactions.
Such a protocol would facilitate safe interconnections between SCs. By ensuring that SCs are immutable when imported and only allowing them to read data, we maintain the integrity of the data and prevent potential breaches.
There may be concerns that reading a variable from another SC poses security risks. However, it’s essential to understand that these variables are already accessible on the chain, available for anyone to read. The proposed system doesn’t expose any additional information beyond what’s already publicly accessible.
We believe that the implementation of a read-only inter-SC protocol is a step in the right direction. It ensures data security while allowing for the seamless transfer of data between SCs.