Frequently Asked Questions
When calling external addresses from your contract it is unsafe to assume that an address is an externally-owned account (EOA) and not a contract. Attempting to prevent calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract constructor.
Although checking that the address has code,
address.code.length > 0, may seem to differentiate contracts from EOAs, it can only say that an address is currently a contract, and its negation (that an address is not currently a contract) does not imply that the address is an EOA. Some counterexamples are:
address of a contract in construction
address where a contract will be created
address where a contract lived, but was destroyed
Furthermore, an address will be considered a contract within the same transaction where it is scheduled for destruction by
SELFDESTRUCT, which only has an effect at the end of the entire transaction.