skip to content
zeroknots.eth

Differences between staticcall and call in Solidity.

solidity, security

Explore staticcall vs call in Solidity with small examples. Uncover their unique features, use cases, and risks for smart contracts.

Intro

In the world of Ethereum smart contracts, developers often find themselves working with different types of function calls. Two commonly used function calls are staticcall and call. Both of these low-level function calls allow developers to interact with other contracts, but they serve different purposes and exhibit unique characteristics. In this blog post, we’ll explore the differences between staticcall and call, providing code examples to illustrate their usage.

staticcall

The staticcall function is used for read-only (view) function calls to other contracts. This type of function call ensures that the target contract’s state cannot be modified during the execution, making it suitable for operations that require reading data without changing the contract’s state. Advantages of staticcall:

  1. Read-only: Ensures no state changes in the called contract, preventing unintended side effects.
  2. Reentrancy protection: As it cannot change state, it inherently provides protection against write reentrancy attacks.
pragma solidity ^0.8.0;

contract StaticCallExample {
    function getBalance(address token, address user) external view returns (uint256) {
        (bool success, bytes memory data) = token.staticcall(abi.encodeWithSignature("balanceOf(address)", user));
    }
}

In the example above, we use staticcall to query the balance of a user’s tokens from an ERC20 token contract. Since the balanceOf function is read-only, we can safely use staticcall to interact with the contract without the risk of changing its state.

call

The call function is a low-level function used for interacting with other contracts, allowing both read and write operations. It is a more versatile function compared to staticcall but comes with some risks, such as potential reentrancy attacks. Developers must be cautious when using call to prevent unintended side effects and security vulnerabilities.

Advantages of call:

  1. Flexibility: Allows both read and write operations, making it suitable for a wider range of interactions with other contracts.
  2. Gas refund: Provides a gas refund for clearing storage during the execution.
pragma solidity ^0.8.0;

interface IERC20 {
    function transfer(address to, uint256 value) external returns (bool);
}

contract CallExample {
    function transferTokens(address token, address to, uint256 amount) external {
        (bool success, bytes memory data) = token.call(abi.encodeWithSignature("transfer(address,uint256)", to, amount));
    }
}

In the example above, we use call to interact with an ERC20 token contract’s transfer function, which modifies the contract’s state. Since transfer is a state-changing function, we need to use call instead of staticcall.

Conclusion

Understanding the differences between staticcall and call is essential for Ethereum smart contract developers. While staticcall is ideal for read-only interactions and offers inherent protection against reentrancy attacks, call provides more flexibility, allowing both read and write operations. However, developers must be cautious when using call to avoid potential security vulnerabilities.

By understanding the strengths and weaknesses of each function call type, developers can make informed decisions when designing and implementing smart contracts, ensuring more secure and reliable applications