Reentrancy attack in ICP

Currently I lock the function for the user to prevent a re-entrancy attack, but are there other ways? Especially, I am thinking that our backend canister can't be called by any other frontend, so it can be overkill.


```rust
#[update]
async fn deposit_ckusdt() -> Result<Wallet, Error> {
    // Reject a second deposit from the same caller while one is in flight.
    if is_deposeting(caller()) {
        return Err("Please try again later");
    }
    set_is_deposeting(caller());
    // ..... rest of code
    unset_is_deposeting(caller());
}
```
1 Like

For deposit of tokens you can't achieve such a thing. As the address is publicly available, anyone can deposit the tokens to the address.

I think there is no way to check if the calls are made from your deployed frontend canister directly. BUT you can use some tokenization way (e.g. JWT).

Read this post from @severin: How does canister state change when processing multiple messages that await inter-canister calls? - #5 by Severin

1 Like
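
The per-caller lock from the question, as an added example that is not part of the original thread or of any ICP library: the set/unset pair is replaced by a guard whose `Drop` releases the lock on every return path, so an early `return` or `?` cannot leave the caller locked. It is a synchronous model without `ic_cdk`; `CallerGuard`, `deposit`, the `during` callback (standing in for the point where the handler awaits) and the caller names are assumptions.

```rust
use std::cell::RefCell;
use std::collections::BTreeSet;

thread_local! {
    // Callers with a deposit in flight (stand-in for canister state).
    static DEPOSITING: RefCell<BTreeSet<String>> = RefCell::new(BTreeSet::new());
}

/// Holds the lock for one caller; Drop releases it on every exit path.
pub struct CallerGuard(String);

impl CallerGuard {
    pub fn new(caller: &str) -> Result<Self, String> {
        DEPOSITING.with(|s| {
            // insert() returns false when the caller is already in the set.
            if s.borrow_mut().insert(caller.to_string()) {
                Ok(CallerGuard(caller.to_string()))
            } else {
                Err(format!("deposit already in progress for {}", caller))
            }
        })
    }
}

impl Drop for CallerGuard {
    fn drop(&mut self) {
        DEPOSITING.with(|s| { s.borrow_mut().remove(&self.0); });
    }
}

pub fn is_locked(caller: &str) -> bool {
    DEPOSITING.with(|s| s.borrow().contains(caller))
}

/// Model handler: `during` runs where the await would be; Ok(1) is a constructed result.
pub fn deposit(caller: &str, ledger_ok: bool, during: impl FnOnce()) -> Result<u64, String> {
    let _guard = CallerGuard::new(caller)?; // a rejected call never touches the lock
    during(); // other messages may be processed at this point
    if !ledger_ok {
        return Err("ledger call failed".to_string()); // guard is still dropped here
    }
    Ok(1)
}

fn main() {
    let mut nested = None;
    let outer = deposit("alice", true, || nested = Some(deposit("alice", true, || {})));
    println!("outer={:?} nested={:?} locked_after={}", outer, nested, is_locked("alice"));
}
```
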