Why check if address is a contract upon interaction with the smart contract?

In PancakeSwap, when depositing into a vault, they check if the address is a contract. "It prevents contract from being targetted" - What is this supposed to mean?

Does allowing the contracts to interact with the contract create a security risk? Or are they just trying to prevent third parties from building upon their contracts?

Does anyone have an idea why this is necessary?

    modifier notContract() {
        require(!_isContract(msg.sender), "contract not allowed");
        require(msg.sender == tx.origin, "proxy contract not allowed");
        _;
    }

    /**
     * @notice Deposits funds into the Cake Vault
     * @dev Only possible when contract not paused.
     * @param _amount: number of tokens to deposit (in CAKE)
     */
    function deposit(uint256 _amount) external whenNotPaused notContract { ... }

    /**
     * @notice Checks if address is a contract
     * @dev It prevents contract from being targetted
     */
    function _isContract(address addr) internal view returns (bool) {
        uint256 size;
        assembly {
            size := extcodesize(addr)
        }
        return size > 0;
    }

Full source code https://bscscan.com/address/0xa80240eb5d7e05d3f250cf000eec0891d00b51cc#code

Just my opinion, this is usually because the function that the modifier is applied on may read information for msg.sender which was written somewhere else only for msg.sender.


What if one removed the "notContract" modifier? Does it open a potential vulnerability?

What if I want the contracts to be able to interact with my contract?

Is it to prevent a potential re-entrancy exploit?
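
Added example, not part of the thread or of PancakeSwap's code: a Solidity test harness showing which kind of caller each of the two `require` lines in the quoted `notContract` modifier rejects. The names `GuardedVault`, `DeployedCaller`, `ConstructorCaller` and `codeSizeCheck` are hypothetical, and the `deposit` body is a stand-in for the elided one.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example; all contract names and codeSizeCheck are hypothetical.
contract GuardedVault {
    uint256 public deposits;

    modifier notContract() {
        require(!_isContract(msg.sender), "contract not allowed");
        require(msg.sender == tx.origin, "proxy contract not allowed");
        _;
    }

    function deposit(uint256 _amount) external notContract {
        deposits += _amount;
    }

    // Exposes the same extcodesize test so callers can observe its result.
    function codeSizeCheck(address addr) external view returns (bool) {
        return _isContract(addr);
    }

    function _isContract(address addr) internal view returns (bool) {
        uint256 size;
        assembly { size := extcodesize(addr) }
        return size > 0;
    }
}

// An already-deployed contract has code, so the first require rejects it.
contract DeployedCaller {
    function tryDeposit(GuardedVault vault) external returns (string memory) {
        try vault.deposit(1) { return "accepted"; }
        catch Error(string memory reason) { return reason; }
    }
}

// During its own constructor a contract's extcodesize is still 0, so the
// first require passes; msg.sender != tx.origin makes the second one revert.
contract ConstructorCaller {
    bool public sawCode;   // extcodesize test result for this address mid-construction
    string public reason;  // revert reason returned by the vault

    constructor(GuardedVault vault) {
        sawCode = vault.codeSizeCheck(address(this));
        try vault.deposit(1) { reason = "accepted"; }
        catch Error(string memory r) { reason = r; }
    }
}
```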