diff --git a/contracts/Safe.sol b/contracts/Safe.sol index b75eedb50..a05499a33 100644 --- a/contracts/Safe.sol +++ b/contracts/Safe.sol @@ -28,7 +28,7 @@ import {Enum} from "./libraries/Enum.sol"; * 1. Transaction Guard: managed in `GuardManager` for transactions executed with `execTransaction`. * 2. Module Guard: managed in `ModuleManager` for transactions executed with `execTransactionFromModule` * - Modules: Modules are contracts that can be used to extend the write functionality of a Safe. Managed in `ModuleManager`. - * - Fallback: Fallback handler is a contract that can provide additional read-only functionality for Safe. Managed in `FallbackManager`. + * - Fallback: Fallback handler is a contract that can provide additional functionality for Safe. Managed in `FallbackManager`. Please read the security risks in the `IFallbackManager` interface. * Note: This version of the implementation contract doesn't emit events for the sake of gas efficiency and therefore requires a tracing node for indexing/ * For the events-based implementation see `SafeL2.sol`. * @author Stefan George - @Georgi87 diff --git a/contracts/interfaces/IFallbackManager.sol b/contracts/interfaces/IFallbackManager.sol index 45b626d87..5e696465e 100644 --- a/contracts/interfaces/IFallbackManager.sol +++ b/contracts/interfaces/IFallbackManager.sol @@ -10,9 +10,12 @@ interface IFallbackManager { /** * @notice Set Fallback Handler to `handler` for the Safe. - * @dev Only fallback calls without value and with data will be forwarded. - * This can only be done via a Safe transaction. - * Cannot be set to the Safe itself. + * @dev 1. Only fallback calls without value and with data will be forwarded. + * 2. Changing the fallback handler can only be done via a Safe transaction. + * 3. Cannot be set to the Safe itself. + * 4. IMPORTANT! SECURITY RISK! The fallback handler can be set to any address and all the calls will be forwarded to it, + * bypassing all the Safe's access control mechanisms. When setting the fallback handler, make sure to check the address + * is a trusted contract and if it supports state changes, it implements the necessary checks. * @param handler contract to handle fallback calls. */ function setFallbackHandler(address handler) external;