
Who can execute public functions of smart contract in solidity?


I'm developing my first smart contract and I'm a little concerned about security. I took the ERC20.sol contract as a template, and there is a function:

function approve(address spender, uint256 amount) public returns (bool) {
    _approve(_msgSender(), spender, amount);
    return true;
}

After I deploy the contract, who is the default owner of the contract? Can anyone else use this contract and this public function to approve spender amounts w/o any restrictions? Or is a smart contract secured by default, so that only the smart contract owner can execute functions?

I know I can use the Ownable.sol smart contract, which allows adding onlyOwner, but I am not sure if I need this ownable thing at all, because I see many contracts deployed with this function w/o any onlyOwner restriction.

So, who can execute smart contract public/external functions?

let contract = web3.eth.contract(minABI).at(tokenAddress);
contract.approve(address(hacker_address), 10000000);

Can a random user approve an amount for himself or someone else?


Solution

  • who is default owner of the contract

    By default, contracts are not owned by anyone.

    Can anyone else use this contract and this public function to approve spender amounts w/o any restrictions?

    You need to read the internal _approve() function logic to understand how it works, and you will find how it works and what the restrictions are.

    So, who can execute smart contract public/external functions?

    Anyone.

    I know I can use Ownable.sol smart contract, which allows to add onlyOwner,

    This is not related to approve(). You also need to read the ERC-20 spec and first understand what approve() does.
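
The allowance logic discussed above, as an added example that is not part of the original post and is not OpenZeppelin's ERC20.sol: a simplified token (hypothetical name MiniToken, events and totalSupply omitted) showing why a public approve() needs no owner check while a function such as mint() does.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative contract (hypothetical name MiniToken), simplified for this example.
contract MiniToken {
    // Contracts have no owner by default; this one exists only because it is declared here.
    address public owner;
    mapping(address => uint256) public balanceOf;
    // holder => spender => remaining amount the spender may move
    mapping(address => mapping(address => uint256)) public allowance;

    constructor(uint256 supply) {
        owner = msg.sender; // the deployer is recorded only because this line says so
        balanceOf[msg.sender] = supply;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Public: anyone may call. The allowance is always written under msg.sender,
    // so a caller can only grant access to tokens the caller holds.
    function approve(address spender, uint256 amount) public returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    // Public: anyone may call, but it reverts unless `from` approved the caller.
    function transferFrom(address from, address to, uint256 amount) public returns (bool) {
        require(allowance[from][msg.sender] >= amount, "allowance too low");
        require(balanceOf[from] >= amount, "balance too low");
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }

    // Restricted: creating tokens affects every holder, so an owner check belongs here.
    function mint(address to, uint256 amount) public onlyOwner {
        balanceOf[to] += amount;
    }
}
```

If an account that holds no approval calls approve(itself, 10000000), only allowance[caller][caller] changes; a later transferFrom() against another holder's balance still reverts with "allowance too low".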