OpenZeppelin onlyOwner modifier doesn't work properly

Question

In the Remix, getICOMembers function works appropriately and returns all members of a specific ICO type after they are added to the icoMembers mapping.

mapping(uint256 => address[]) private icoMembers;

function getICOMembers(uint256 _icoType) external view onlyOwner returns (address[] memory) 
{
    return icoMembers[_icoType];
}

0 1

But Etherscan gives this error even if I connected by owner address.

deployer address owner address etherscan error

Also, this function has onlyOwner modifier too but it works.

ICOdata[] private ICOdatas;

function getICODatas() external view onlyOwner returns (ICOdata[] memory) 
{
    return ICOdatas; 
}

getICODatas function output

I tried to add members by hardcoding instead of joining the token sale function, changing external to public but it still gives the same error.

Also, this is the constructor.

constructor(
    address _token,
    address payable _usdtWallet,
    address _vestingContract
) {
    require(
        address(_token) != address(0),
        "ERROR at Crowdsale constructor: Token contract address shouldn't be zero address."
    );
    require(
        _usdtWallet != address(0),
        "ERROR at Crowdsale constructor: USDT wallet address shouldn't be zero address."
    );
    require(
        _vestingContract != address(0),
        "ERROR at Crowdsale constructor: Vesting contract address shouldn't be zero address."
    );

    token = ERC20(_token);
    usdtWallet = _usdtWallet;
    totalAllocation = 0;
    vestingContract = IVesting(_vestingContract);
    transferOwnership(msg.sender);
}

Do you have a constructor that specifies msg.sender is owner? Show more code so it will be easier to find out what is wrong. — Petr Galushkin, Feb 14 '23 at 14:12

score 0 · Answer 1 · answered Feb 14 '23 at 14:51

0

A view function is usually invoked using a read-only call - not using a transaction.

Unlike transaction, a call is not signed by any private key. So you can specify any from address that is reflected as the value of msg.sender.

Then it depends on the specific implementation of the UI and of the node that processes the call. My guess is that Remix IDE uses the currently selected address from the accounts list as msg.sender (which passes the onlyOwner validation), while Etherscan uses the zero address (which fails the validation).

answered Feb 14 '23 at 14:51

Petr Hejda

40,554
8
72
100

But both functions use onlyOwner and only getICODatas onlyOwner modifier works as it's supposed to whereas as you said view functions have no msg.sender. What is the problem that makes it work in one and not the other? – samet mollaoglu Feb 15 '23 at 15:11
@sametmollaoglu I'm not able to reproduce it exactly, so I'm not sure, and only guessing that there might be some cached value on Etherscan's side that bypasses the validation altogether... But generally, it's not advisable to rely on `onlyOwner` with the (read-only) calls. It works fine with transactions. – Petr Hejda Feb 15 '23 at 17:16

OpenZeppelin onlyOwner modifier doesn't work properly

1 Answers1