_You can follow along with the video course from here._

#### Introduction

In this lesson, we will address a security gap present in the current `fundMe` contract.

### Constructor

Currently, **anyone** can call the `withdraw` function and drain all the funds from the contract. To fix this, we need to **restrict** the withdrawal function to the contract owner.

One solution could be to create a function, `callMeRightAway`, to assign the role of contract owner to the contract's creator immediately after deployment. However, this requires two transactions.

A more efficient solution is to use a **constructor** function:

```solidity
constructor() {}
```

> 🗒️ **NOTE**
> The constructor does not use the `function` and `public` keywords.

### Assigning the Owner in the Constructor

The constructor function is automatically called during contract deployment, within the same transaction that deploys the contract.

We can use the constructor to set the contract's owner immediately after deployment:

```solidity
address public owner;

constructor() {
    owner = msg.sender;
}
```

Here, we initialize the state variable `owner` with the contract deployer's address (`msg.sender`).

### Modifying the Withdraw Function

The next step is to update the `withdraw` function to ensure it can only be called by the owner:

```solidity
function withdraw() public {
    require(msg.sender == owner, "must be owner");
    // rest of the function here
}
```

Before executing any withdrawal actions, we check that `msg.sender` is the owner. If the caller is not the owner, the operation **reverts** with the error message "must be owner". This access restriction ensures that only the intended account can execute the function.

### Conclusion

By incorporating a constructor to assign ownership and updating the withdraw function to restrict access, we have significantly improved the security of the fundMe contract. These changes ensure that only the contract owner can withdraw funds, preventing unauthorized access.
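
The constructor and the owner check combined into one deployable file, with a second contract that verifies the check from a non-owner address. This is an added example, not the course's `FundMe` code: `OwnedVault`, `NonOwnerProbe`, `fund` and `withdrawIsBlocked` are hypothetical names, and the ETH transfer inside `withdraw` is an assumed body for the part the lesson leaves out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added example: hypothetical contract, not the course's FundMe.
contract OwnedVault {
    address public owner;

    // Runs once, inside the deployment transaction, so the contract
    // never exists on-chain without an owner set.
    constructor() {
        owner = msg.sender;
    }

    // Anyone may deposit.
    function fund() public payable {}

    function withdraw() public {
        // Access check first: a non-owner call reverts before any transfer.
        require(msg.sender == owner, "must be owner");
        // Assumed body: send the whole balance to the owner.
        (bool ok, ) = payable(msg.sender).call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
}

// Stands in for any account other than the deployer of OwnedVault.
contract NonOwnerProbe {
    // Returns true only if withdraw() reverted with the expected reason,
    // i.e. the owner check is present and is what stopped the call.
    function withdrawIsBlocked(OwnedVault vault) external returns (bool) {
        try vault.withdraw() {
            return false; // no revert: the access check is missing
        } catch Error(string memory reason) {
            return keccak256(bytes(reason)) == keccak256(bytes("must be owner"));
        }
    }
}
```

In Remix, deploy `OwnedVault`, send it some ETH through `fund`, deploy `NonOwnerProbe`, and call `withdrawIsBlocked` with the vault's address: it returns `true` and the vault's balance is unchanged.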
### 🧑‍💻 Test yourself

1. 📕 What is the purpose of a `constructor` function and how does it differ from regular functions?
2. 📕 Why is it necessary to restrict access to the withdraw function?
3. 🧑‍💻 Write a function called `withdrawOnlyFirstAccountRemix` that allows only the first Remix account to withdraw all funds from the contract.

This lesson focuses on using the constructor function in Solidity for role assignment, particularly for setting a contract owner. It discusses the security implications and demonstrates how to restrict certain functionalities, like fund withdrawal, to the owner.
Web3 engineer, educator, and Cyfrin co-founder. Patrick's smart contract development and security courses have helped hundreds of thousands of engineers kickstarting their careers into web3.
Last updated on November 25, 2024