Safer readme example (#961)

kadenzipfel · web-flow · commit 5f00c8416c19 · 2025-04-02T12:52:48.000-04:00
Ensuring that `unlockCallback` is only called by the `poolManager` is almost always a critically important security feature, so imo it should be included even in the most basic of examples
diff --git a/README.md b/README.md
@@ -89,11 +89,14 @@ contract MyContract is IUnlockCallback {
     }
 
     function unlockCallback(bytes calldata data) external returns (bytes memory) {
+        // disallow arbitrary caller
+        if (msg.sender != address(poolManager) revert Unauthorized();
         // perform pool actions
         poolManager.swap(...)
     }
 }
 
+error Unauthorized();
 ```
 
 ## License

Original file line number	Diff line number	Diff line change
`@@ -89,11 +89,14 @@ contract MyContract is IUnlockCallback {`
`89`	`89`	`}`
`90`	`90`
`91`	`91`	`function unlockCallback(bytes calldata data) external returns (bytes memory) {`
	`92`	`+ // disallow arbitrary caller`
	`93`	`+ if (msg.sender != address(poolManager) revert Unauthorized();`
`92`	`94`	`// perform pool actions`
`93`	`95`	`poolManager.swap(...)`
`94`	`96`	`}`
`95`	`97`	`}`
`96`	`98`
	`99`	`+error Unauthorized();`
`97`	`100`	```
`98`	`101`
`99`	`102`	`## License`