The Constructor¶
One thing we haven't really talked about yet is the constructor.
It's something you need to understand before we proceed!
The constructor is a special function. It is automatically called during Smart Contract deployment. And it can never be called again after that.
It also has a special name! It's simply called constructor() { ... }
.
Let's see how that works to our advantage. Let's extend the Smart Contract we wrote before to make it a bit more secure.
Securing our Smart Contract using a simple Ownership-Model¶
We are going to set a storage variable to the address that deployed the Smart Contract. Then we will require()
that the person interacting with withdrawAllMoney is the same as the one who deployed the Smart Contract.
Extend our Smart Contract:
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.1;
contract StartStopUpdateExample {
address public owner;
constructor() {
owner = msg.sender;
}
function sendMoney() public payable {
}
function withdrawAllMoney(address payable _to) public {
require(owner == msg.sender, "You cannot withdraw.");
_to.transfer(address(this).balance);
}
}
constructor()
: is a special function that is called only once during contract deployment. It still has the same global objects available as in any other transaction. So in msg.sender
is the address of the person who deployed the Smart Contract
require(owner == msg.sender, "You cannot withdraw.")
: That might be a bit early, but this is how you trigger Errors (or throw Exceptions) in Solidity. If the require evaluates to false it will stop the transaction, roll-back any changes made so far and emit the error message as String.
Everyone can send Ether to our Smart Contract. But only the person who deployed the Smart Contract can withdraw. Secure and Smart - Let's try this!
Testing our new Smart Contract¶
We're going to do the following:
-
Deploy the new Smart Contract
-
Send Ether to the Smart Contract
-
Try to use another Account to withdraw
Note: Don't switch back, use the other Account to call withdrawAllMoney
-
Observe the Error Message
-
Switch back to the original Account
Note: I used the second account in my account-dropdown to deploy the Smart Contract, so I am switching back to this one
-
Withdraw and see it works
Amazing, right! A very simplistic access rule that denies access to anyone except the one who deployed the Smart Contract.
Of course, you can spin that further. You can create a whole Access Model around this. OpenZeppelin did this in their Ownable Models
So, what's next? Let's see if we can pause our Smart Contract!
Can you think of a solution?
The Ethereum Virtual Machine has no functionality to pause Smart Contracts on a protocol-level. So, we need to think of a solution "in code".
Can you think of something? Maybe a boolean that pauses any deposits and withdrawals when it's true?
Give it a try!
Alright, off to Pausing Smart Contracts...