Why external contract calls are dangerous and why should we be cautious?

Well in summery it boils down to one single thing and that is that we don’t know what we are interacting with if we’re talking about untrusted external calls. If you haven’t written the contract that we are interacting ourselves, we always have to treat all external calls as untrusted. And that means that we don’t know what code that contract is going to execute, we don’t know how it’s going to interact and we can’t trust that it’s always going to be a good trusted contract. And that is why we should always apply caution everyime we try to interact with an external contract. You might think that hey, I’m not interacting so often with external contract and I don’t really have to care about this — and that is not really true because as soon as you have a value transfer to someone like a function where you transfer ether for example, that might be an external call to a contract that has called your contract, that function call might not come from a person that you send ethere to but might be a contract and then you’re interacting with an external contract which you don’t know who it is. Therefore you need to make sure you don’t have any loopholes in your contract, you are implementing the correct procedures when dealing with value transfer ie.

Many developers are not used to the fact that anyone can call your contract as it sits on the blockchain and anyone can call it. You need to make sure that every single loophole is closed and you don’t have any attack surfaces open. That’s the particular dangers when we talk about external contract calls. Now how you can avoid those mistakes making sure you are following the correct guidelines and best practices of interacting with external contracts.