assert_one_yocto
(Forced Confirmation)
When reading NEAR smart contracts, you may see references to assert_one_yocto
scattered around. This function requires the sender to attach one—exactly one—yoctoNEAR (1e-24 NEAR) to the function call.
Why would a smart contract developer care about such a thing?
Recall that attaching a deposit to a function call requires the call to be signed by a full-access key? This technique merely ensures that the function call is signed by a full-access key holder.
Lots of different applications may be function call key holders. If a dapp developer isn't especially conscientious (or worse—malicious!) and fails to specify a list of methods when they request an access key, he obtains a key that is allowed to call any function on the contract. If the smart contract developer wants to make sure that every time a particular function is called, a veritable owner of the account manually approves the call, the developer can use assert_one_yocto
to ensure that occurs.
(Be sure to mark all functions that use assert_one_yocto
as #[payable]
!)