Function Modifier

A function modifier is Solidity code that wraps a function to run checks or logic before or after the function body.

A modifier is reusable code that changes how a function runs, often by checking permission first.

Function Modifier Explained in Detail

A function modifier wraps function execution. It commonly checks access, pause state, input validity, or reentrancy before the function body runs.

The _ symbol marks where the function body is inserted. Code before _ runs before the function body. Code after _ runs after it.

Smart contract example

modifier onlyOwner() {
    require(msg.sender == owner, "not owner");
    _;
}

This modifier blocks callers that are not the owner.

Function Modifier in Auditing

Modifiers can hide important security logic. Their order also matters. A function with the right modifiers in the wrong order can still be unsafe.

Auditors expand modifiers mentally and review the full execution path, not just the function body.

Red flags in code

  • Modifiers contain external calls.

  • State changes happen before _ and affect later checks.

  • Modifier order changes authorization or reentrancy behavior.

  • Internal helper functions bypass modifier-protected external functions.

  • A modifier name suggests safety but does not enforce it.

How to test or review it

  • Read modifiers as if their code were pasted into the function.

  • Test protected functions with authorized and unauthorized callers.

  • Check modifier order on every sensitive function.

  • Look for external calls, state writes, and reverts inside modifiers.

  • Confirm internal paths cannot bypass required checks.
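
The contract below is an added example, not code from the original page. It shows a state write before _ changing the result of a later access check, with the expanded execution path of each function written out in comments. The contract, modifier and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example; contract, modifier and function names are hypothetical.
contract OperatorHandover {
    address public operator;
    uint256 public limit;

    constructor() {
        operator = msg.sender;
    }

    // Access check: reads `operator` at the moment the modifier runs.
    modifier onlyOperator() {
        require(msg.sender == operator, "not operator");
        _;
    }

    // State write before `_`: every modifier listed after this one,
    // and the function body, see the new value of `operator`.
    modifier setsOperator(address next) {
        operator = next;
        _;
    }

    // Wrong order. Pasting the modifiers in, left to right, gives:
    //   operator = next;
    //   require(msg.sender == operator, "not operator");
    //   limit = newLimit;
    // A caller who passes its own address as `next` satisfies the check.
    function handoverUnsafe(address next, uint256 newLimit)
        external
        setsOperator(next)
        onlyOperator
    {
        limit = newLimit;
    }

    // Correct order. The check runs against the current operator first:
    //   require(msg.sender == operator, "not operator");
    //   operator = next;
    //   limit = newLimit;
    function handover(address next, uint256 newLimit)
        external
        onlyOperator
        setsOperator(next)
    {
        limit = newLimit;
    }
}
```

A review test for this pattern calls each function from a non-operator address with `next` set to the caller and expects a revert in both cases; only `handover` reverts.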
