docs: enhance fallback handler documentation in Safe.sol and `IFall…

…backManager.sol` (#879) Updated the documentation for the fallback handler in both `Safe.sol` and `IFallbackManager.sol` to improve clarity and highlight security risks associated with setting the fallback handler. Added a warning about the potential for bypassing access control mechanisms when using untrusted addresses.
safe-global · Jan 9, 2025 · c6cd4b9 · c6cd4b9
1 parent ff36adb
commit c6cd4b9
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 4 deletions.
diff --git a/contracts/Safe.sol b/contracts/Safe.sol
@@ -28,7 +28,7 @@ import {Enum} from "./libraries/Enum.sol";
  *          1. Transaction Guard: managed in `GuardManager` for transactions executed with `execTransaction`.
  *          2. Module Guard: managed in `ModuleManager` for transactions executed with `execTransactionFromModule`
  *      - Modules: Modules are contracts that can be used to extend the write functionality of a Safe. Managed in `ModuleManager`.
- *      - Fallback: Fallback handler is a contract that can provide additional read-only functionality for Safe. Managed in `FallbackManager`.
+ *      - Fallback: Fallback handler is a contract that can provide additional functionality for Safe. Managed in `FallbackManager`. Please read the security risks in the `IFallbackManager` interface.
  *      Note: This version of the implementation contract doesn't emit events for the sake of gas efficiency and therefore requires a tracing node for indexing/
  *      For the events-based implementation see `SafeL2.sol`.
  * @author Stefan George - @Georgi87

diff --git a/contracts/interfaces/IFallbackManager.sol b/contracts/interfaces/IFallbackManager.sol
@@ -10,9 +10,12 @@ interface IFallbackManager {
 
     /**
      * @notice Set Fallback Handler to `handler` for the Safe.
-     * @dev Only fallback calls without value and with data will be forwarded.
-     *      This can only be done via a Safe transaction.
-     *      Cannot be set to the Safe itself.
+     * @dev 1. Only fallback calls without value and with data will be forwarded.
+     *      2. Changing the fallback handler can only be done via a Safe transaction.
+     *      3. Cannot be set to the Safe itself.
+     *      4. IMPORTANT! SECURITY RISK! The fallback handler can be set to any address and all the calls will be forwarded to it,
+     *         bypassing all the Safe's access control mechanisms. When setting the fallback handler, make sure to check the address
+     *         is a trusted contract and if it supports state changes, it implements the necessary checks.
      * @param handler contract to handle fallback calls.
      */
     function setFallbackHandler(address handler) external;