Concept #

When you are running a contract, you often want to know who is running it. For example, if someone who isn’t an account owner tries to spend their money, you need to have some way of identifying who that person is and prevent that from happening. This is where Context, or ctx inside of smart contracts, comes into play.

There are four types of ctx variables.

ctx.callerThe identity of the person or smart contract calling the method.Changes when a new method is evoked to the name of the smart contract that evoked that method. This allows for gating.
ctx.thisThe identity of the smart contract where this variable is used.Constant. Never changed. Use for giving smart contracts rights and accounts.
ctx.signerThe top-level signer of the transaction. This is constant throughout the transaction’s execution
ctx.ownerThe owner of the contract, which is an optional field that can be set on time of submission. If this field is set, only the ctx.owner can call any of the methods on the smart contract. This allows for a parent-child model.

ctx.caller #

This is the most complex Context variable, but also the most useful. The ctx.caller is the same as the transaction signer (ctx.signer) at the beginning of execution. If the smart contract that is initially invoked calls a method on another smart contract, the ctx.caller then changes to the name of the smart contract calling that method, and so on and so forth until the end of the execution.

def direct():
    def who_am_i():
        return ctx.caller

def indirect():
    import direct

    def call_direct():
        return direct.who_am_i()

Assume the two contracts above exist in state space. If stu calls who_am_i on the direct contract, stu will be returned because direct does not call any methods in any other smart contracts.

However, if stu calls call_direct on the indirect contract, indirect will be returned because indirect is now the caller of this method.

A good example of how to use this would be in a token contract.

def token():
    balances = Hash()
    def seed():
        balances['stu'] = 100
        balances['contract'] = 99

    def send(amount: float, to: str):
        assert balances[ctx.caller] >= amount

        balances[ctx.caller] -= amount
        balances[to] += amount

def contract():
    import token

    def withdraw(amount: float):
        assert ctx.caller == 'stu'

        token.send(amount, ctx.caller)

In the above setup, stu has 100 tokens directly on the token contract. He can send them, because his account balance is looked up based on the ctx.caller when the send method is called.

Similarly, contract also has 99 tokens. When contract imports token and calls sendctx.caller is changed to contract, and its balance is looked up and mutated accordingly.

ctx.this #

This is a very simple reference to the name of the smart contract. Use cases are generally when you need to identify a smart contract itself when doing some sort of transaction, such as sending payment through an account managed by the smart contract but residing in another smart contract.

def registrar():
    names = Hash()

    def register(name: str, value: Any):
        if names[name] is None:
            names[name] = value

def controller():
    import registrar

    def register(value: Any):
        registrar.register(ctx.this, value)

ctx.signer #

This is the absolute signer of the transaction regardless of where the code is being executed in the call stack. This is good for creating blacklists of users from a particular contract.

def blacklist():
    not_allowed = ['stu', 'tejas']

    def some_func():
        assert ctx.signer not in not_allowed
        return 'You are not blacklisted!'

def indirect():
    import blacklist

    def try_to_bypass():
        return blacklist.some_func()

In the case that stu calls the try_to_bypass method on indirect, the transaction will still fail because ctx.signer is used for gating instead of ctx.caller.

NOTE: Never use ctx.signer for account creation or identity. Only use it for security guarding and protection. ctx.caller should allow behavior based on the value. ctx.signer should block behavior based on the value.

ctx.owner #

On submission, you can specify the owner of a smart contract. This means that only the owner can call the @export methods on it. This is for advanced contract pattern types where a single controller is desired for many ‘sub-contracts’. Using ctx.owner inside of a smart contract can only be used to change the ownership of the contract itself. Be careful with this method!

def ownable():
    def change_ownership(new_owner: str):
        ctx.owner = new_owner

The above contract is not callable unless the ctx.caller is the ctx.owner. Therefore, you do not need to do additional checks to make sure that this is the case.

Updated on February 3, 2021