feat[lang]: protect external calls with keyword

examples/factory/Exchange.vy

@@ -20,7 +20,7 @@ def __init__(_token: IERC20, _factory: Factory):
 @external
 def initialize():
     # Anyone can safely call this function because of EXTCODEHASH
-    self.factory.register()
+    extcall self.factory.register()
 
 
 # NOTE: This contract restricts trading to only be done by the factory.
@@ -31,12 +31,12 @@ def initialize():
 @external
 def receive(_from: address, _amt: uint256):
     assert msg.sender == self.factory.address
-    success: bool = self.token.transferFrom(_from, self, _amt)
+    success: bool = extcall self.token.transferFrom(_from, self, _amt)
     assert success
 
 
 @external
 def transfer(_to: address, _amt: uint256):
     assert msg.sender == self.factory.address
-    success: bool = self.token.transfer(_to, _amt)
+    success: bool = extcall self.token.transfer(_to, _amt)
     assert success

examples/factory/Factory.vy

@@ -35,12 +35,12 @@ def register():
     # NOTE: Should do checks that it hasn't already been set,
     #       which has to be rectified with any upgrade strategy.
     exchange: Exchange = Exchange(msg.sender)
-    self.exchanges[exchange.token()] = exchange
+    self.exchanges[staticcall exchange.token()] = exchange
 
 
 @external
 def trade(_token1: IERC20, _token2: IERC20, _amt: uint256):
     # Perform a straight exchange of token1 to token 2 (1:1 price)
     # NOTE: Any practical implementation would need to solve the price oracle problem
-    self.exchanges[_token1].receive(msg.sender, _amt)
-    self.exchanges[_token2].transfer(msg.sender, _amt)
+    extcall self.exchanges[_token1].receive(msg.sender, _amt)
+    extcall self.exchanges[_token2].transfer(msg.sender, _amt)

examples/market_maker/on_chain_market_maker.vy

@@ -8,7 +8,7 @@ totalTokenQty: public(uint256)
 # Constant set in `initiate` that's used to calculate
 # the amount of ether/tokens that are exchanged
 invariant: public(uint256)
-token_address: IERC20
+token: IERC20
 owner: public(address)
 
 # Sets the on chain market maker with its owner, initial token quantity,
@@ -17,8 +17,8 @@ owner: public(address)
 @payable
 def initiate(token_addr: address, token_quantity: uint256):
     assert self.invariant == 0
-    self.token_address = IERC20(token_addr)
-    self.token_address.transferFrom(msg.sender, self, token_quantity)
+    self.token = IERC20(token_addr)
+    extcall self.token.transferFrom(msg.sender, self, token_quantity)
     self.owner = msg.sender
     self.totalEthQty = msg.value
     self.totalTokenQty = token_quantity
@@ -33,14 +33,14 @@ def ethToTokens():
     eth_in_purchase: uint256 = msg.value - fee
     new_total_eth: uint256 = self.totalEthQty + eth_in_purchase
     new_total_tokens: uint256 = self.invariant // new_total_eth
-    self.token_address.transfer(msg.sender, self.totalTokenQty - new_total_tokens)
+    extcall self.token.transfer(msg.sender, self.totalTokenQty - new_total_tokens)
     self.totalEthQty = new_total_eth
     self.totalTokenQty = new_total_tokens
 
 # Sells tokens to the contract in exchange for ether
 @external
 def tokensToEth(sell_quantity: uint256):
-    self.token_address.transferFrom(msg.sender, self, sell_quantity)
+    extcall self.token.transferFrom(msg.sender, self, sell_quantity)
     new_total_tokens: uint256 = self.totalTokenQty + sell_quantity
     new_total_eth: uint256 = self.invariant // new_total_tokens
     eth_to_send: uint256 = self.totalEthQty - new_total_eth
@@ -52,5 +52,5 @@ def tokensToEth(sell_quantity: uint256):
 @external
 def ownerWithdraw():
     assert self.owner == msg.sender
-    self.token_address.transfer(self.owner, self.totalTokenQty)
+    extcall self.token.transfer(self.owner, self.totalTokenQty)
     selfdestruct(self.owner)

examples/tokens/ERC4626.vy

@@ -79,7 +79,7 @@ def transferFrom(sender: address, receiver: address, amount: uint256) -> bool:
 @view
 @external
 def totalAssets() -> uint256:
-    return self.asset.balanceOf(self)
+    return staticcall self.asset.balanceOf(self)
 
 
 @view
@@ -91,7 +91,7 @@ def _convertToAssets(shareAmount: uint256) -> uint256:
 
     # NOTE: `shareAmount = 0` is extremely rare case, not optimizing for it
     # NOTE: `totalAssets = 0` is extremely rare case, not optimizing for it
-    return shareAmount * self.asset.balanceOf(self) // totalSupply
+    return shareAmount * staticcall self.asset.balanceOf(self) // totalSupply
 
 
 @view
@@ -104,7 +104,7 @@ def convertToAssets(shareAmount: uint256) -> uint256:
 @internal
 def _convertToShares(assetAmount: uint256) -> uint256:
     totalSupply: uint256 = self.totalSupply
-    totalAssets: uint256 = self.asset.balanceOf(self)
+    totalAssets: uint256 = staticcall self.asset.balanceOf(self)
     if totalAssets == 0 or totalSupply == 0:
         return assetAmount  # 1:1 price
 
@@ -133,7 +133,7 @@ def previewDeposit(assets: uint256) -> uint256:
 @external
 def deposit(assets: uint256, receiver: address=msg.sender) -> uint256:
     shares: uint256 = self._convertToShares(assets)
-    self.asset.transferFrom(msg.sender, self, assets)
+    extcall self.asset.transferFrom(msg.sender, self, assets)
 
     self.totalSupply += shares
     self.balanceOf[receiver] += shares
@@ -153,7 +153,7 @@ def previewMint(shares: uint256) -> uint256:
     assets: uint256 = self._convertToAssets(shares)
 
     # NOTE: Vyper does lazy eval on `and`, so this avoids SLOADs most of the time
-    if assets == 0 and self.asset.balanceOf(self) == 0:
+    if assets == 0 and staticcall self.asset.balanceOf(self) == 0:
         return shares  # NOTE: Assume 1:1 price if nothing deposited yet
 
     return assets
@@ -163,10 +163,10 @@ def previewMint(shares: uint256) -> uint256:
 def mint(shares: uint256, receiver: address=msg.sender) -> uint256:
     assets: uint256 = self._convertToAssets(shares)
 
-    if assets == 0 and self.asset.balanceOf(self) == 0:
+    if assets == 0 and staticcall self.asset.balanceOf(self) == 0:
         assets = shares  # NOTE: Assume 1:1 price if nothing deposited yet
 
-    self.asset.transferFrom(msg.sender, self, assets)
+    extcall self.asset.transferFrom(msg.sender, self, assets)
 
     self.totalSupply += shares
     self.balanceOf[receiver] += shares
@@ -206,7 +206,7 @@ def withdraw(assets: uint256, receiver: address=msg.sender, owner: address=msg.s
     self.totalSupply -= shares
     self.balanceOf[owner] -= shares
 
-    self.asset.transfer(receiver, assets)
+    extcall self.asset.transfer(receiver, assets)
     log IERC4626.Withdraw(msg.sender, receiver, owner, assets, shares)
     return shares
 
@@ -232,7 +232,7 @@ def redeem(shares: uint256, receiver: address=msg.sender, owner: address=msg.sen
     self.totalSupply -= shares
     self.balanceOf[owner] -= shares
 
-    self.asset.transfer(receiver, assets)
+    extcall self.asset.transfer(receiver, assets)
     log IERC4626.Withdraw(msg.sender, receiver, owner, assets, shares)
     return assets
 
@@ -241,4 +241,4 @@ def redeem(shares: uint256, receiver: address=msg.sender, owner: address=msg.sen
 def DEBUG_steal_tokens(amount: uint256):
     # NOTE: This is the primary method of mocking share price changes
     # do not put in production code!!!
-    self.asset.transfer(msg.sender, amount)
+    extcall self.asset.transfer(msg.sender, amount)

examples/tokens/ERC721.vy

@@ -248,7 +248,7 @@ def safeTransferFrom(
     """
     self._transferFrom(_from, _to, _tokenId, msg.sender)
     if _to.is_contract: # check if `_to` is a contract address
-        returnValue: bytes4 = ERC721Receiver(_to).onERC721Received(msg.sender, _from, _tokenId, _data)
+        returnValue: bytes4 = extcall ERC721Receiver(_to).onERC721Received(msg.sender, _from, _tokenId, _data)
         # Throws if transfer destination is a contract which does not implement 'onERC721Received'
         assert returnValue == method_id("onERC721Received(address,address,uint256,bytes)", output_type=bytes4)
 

setup.py

@@ -17,7 +17,7 @@
         "py-evm>=0.7.0a1,<0.8",
         "web3==6.0.0",
         "tox>=3.15,<4.0",
-        "lark==1.1.2",
+        "lark==1.1.9",
         "hypothesis[lark]>=5.37.1,<6.0",
         "eth-stdlib==0.2.6",
     ],

tests/functional/builtins/codegen/test_abi_decode.py

@@ -244,7 +244,7 @@ def get_counter() -> Bytes[128]: nonpayable
 def foo(addr: address) -> (uint256, String[5]):
     a: uint256 = 0
     b: String[5] = ""
-    a, b = _abi_decode(Foo(addr).get_counter(), (uint256, String[5]), unwrap_tuple=False)
+    a, b = _abi_decode(extcall Foo(addr).get_counter(), (uint256, String[5]), unwrap_tuple=False)
     return a, b
     """
 

tests/functional/builtins/codegen/test_abi_encode.py

@@ -281,7 +281,7 @@ def get_counter() -> (uint256, String[6]): nonpayable
 
 @external
 def foo(addr: address) -> Bytes[164]:
-    return _abi_encode(Foo(addr).get_counter(), method_id=0xdeadbeef)
+    return _abi_encode(extcall Foo(addr).get_counter(), method_id=0xdeadbeef)
     """
 
     c2 = get_contract(contract_2)

tests/functional/builtins/codegen/test_addmod.py

@@ -19,12 +19,12 @@ def test_uint256_addmod_ext_call(
     w3, side_effects_contract, assert_side_effects_invoked, get_contract
 ):
     code = """
-@external
-def foo(f: Foo) -> uint256:
-    return uint256_addmod(32, 2, f.foo(32))
-
 interface Foo:
     def foo(x: uint256) -> uint256: payable
+
+@external
+def foo(f: Foo) -> uint256:
+    return uint256_addmod(32, 2, extcall f.foo(32))
     """
 
     c1 = side_effects_contract("uint256")

tests/functional/builtins/codegen/test_as_wei_value.py

@@ -97,12 +97,12 @@ def foo(a: {data_type}) -> uint256:
 
 def test_ext_call(w3, side_effects_contract, assert_side_effects_invoked, get_contract):
     code = """
-@external
-def foo(a: Foo) -> uint256:
-    return as_wei_value(a.foo(7), "ether")
-
 interface Foo:
     def foo(x: uint8) -> uint8: nonpayable
+
+@external
+def foo(a: Foo) -> uint256:
+    return as_wei_value(extcall a.foo(7), "ether")
     """
 
     c1 = side_effects_contract("uint8")

tests/functional/builtins/codegen/test_ceil.py

@@ -108,12 +108,12 @@ def ceil_param(p: decimal) -> int256:
 
 def test_ceil_ext_call(w3, side_effects_contract, assert_side_effects_invoked, get_contract):
     code = """
-@external
-def foo(a: Foo) -> int256:
-    return ceil(a.foo(2.5))
-
 interface Foo:
     def foo(x: decimal) -> decimal: payable
+
+@external
+def foo(a: Foo) -> int256:
+    return ceil(extcall a.foo(2.5))
     """
 
     c1 = side_effects_contract("decimal")

tests/functional/builtins/codegen/test_create_functions.py

@@ -44,30 +44,23 @@ def test() -> address:
 
 def test_create_minimal_proxy_to_call(get_contract, w3):
     code = """
-
 interface SubContract:
-
     def hello() -> Bytes[100]: view
 
-
 other: public(address)
 
-
 @external
 def test() -> address:
     self.other = create_minimal_proxy_to(self)
     return self.other
 
-
 @external
 def hello() -> Bytes[100]:
     return b"hello world!"
 
-
 @external
 def test2() -> Bytes[100]:
-    return SubContract(self.other).hello()
-
+    return staticcall SubContract(self.other).hello()
     """
 
     c = get_contract(code)
@@ -79,30 +72,24 @@ def test2() -> Bytes[100]:
 
 def test_minimal_proxy_exception(w3, get_contract, tx_failed):
     code = """
-
 interface SubContract:
-
     def hello(a: uint256) -> Bytes[100]: view
 
-
 other: public(address)
 
-
 @external
 def test() -> address:
     self.other = create_minimal_proxy_to(self)
     return self.other
 
-
 @external
 def hello(a: uint256) -> Bytes[100]:
     assert a > 0, "invaliddddd"
     return b"hello world!"
 
-
 @external
 def test2(a: uint256) -> Bytes[100]:
-    return SubContract(self.other).hello(a)
+    return staticcall SubContract(self.other).hello(a)
     """
 
     c = get_contract(code)

tests/functional/builtins/codegen/test_ec.py

@@ -66,7 +66,7 @@ def foo(x: uint256[2]) -> uint256[2]: payable
 
 @external
 def foo(a: Foo) -> uint256[2]:
-    return ecadd([1, 2], a.foo([1, 2]))
+    return ecadd([1, 2], extcall a.foo([1, 2]))
     """
     c1 = side_effects_contract("uint256[2]")
     c2 = get_contract(code)
@@ -148,7 +148,7 @@ def foo(x: uint256) -> uint256: payable
 
 @external
 def foo(a: Foo) -> uint256[2]:
-    return ecmul([1, 2], a.foo(3))
+    return ecmul([1, 2], extcall a.foo(3))
     """
     c1 = side_effects_contract("uint256")
     c2 = get_contract(code)

tests/functional/builtins/codegen/test_empty.py

@@ -445,7 +445,7 @@ def pub2() -> bool:
 @external
 def pub3(x: address) -> bool:
     self.write_junk_to_memory()
-    return Mirror(x).test_empty(empty(int128[111]), empty(Bytes[1024]), empty(Bytes[31]))
+    return staticcall Mirror(x).test_empty(empty(int128[111]), empty(Bytes[1024]), empty(Bytes[31]))
     """
     c = get_contract_with_gas_estimation(code)
     mirror = get_contract_with_gas_estimation(code)
@@ -658,7 +658,7 @@ def foo(
 @view
 @external
 def bar(a: address) -> (uint256, Bytes[33], Bytes[65], uint256):
-    return Foo(a).foo(12, {a}, 42, {b})
+    return staticcall Foo(a).foo(12, {a}, 42, {b})
     """
 
     c1 = get_contract(code_a)

tests/functional/builtins/codegen/test_floor.py

@@ -112,12 +112,12 @@ def floor_param(p: decimal) -> int256:
 
 def test_floor_ext_call(w3, side_effects_contract, assert_side_effects_invoked, get_contract):
     code = """
-@external
-def foo(a: Foo) -> int256:
-    return floor(a.foo(2.5))
-
 interface Foo:
     def foo(x: decimal) -> decimal: nonpayable
+
+@external
+def foo(a: Foo) -> int256:
+    return floor(extcall a.foo(2.5))
     """
 
     c1 = side_effects_contract("decimal")

tests/functional/builtins/codegen/test_mulmod.py

@@ -36,12 +36,12 @@ def test_uint256_mulmod_ext_call(
     w3, side_effects_contract, assert_side_effects_invoked, get_contract
 ):
     code = """
-@external
-def foo(f: Foo) -> uint256:
-    return uint256_mulmod(200, 3, f.foo(601))
-
 interface Foo:
     def foo(x: uint256) -> uint256: nonpayable
+
+@external
+def foo(f: Foo) -> uint256:
+    return uint256_mulmod(200, 3, extcall f.foo(601))
     """
 
     c1 = side_effects_contract("uint256")