NEP: 11 Title: Smart Contract Verification and Invocation with System Assets Author: Alex DiCarlo (alex.dicarlo@neotracker.io) Type: Standard Status: Draft Created: 2018-06-07 Replaces: NEP-7
This NEP defines a scheme for smart contracts to handle system asset transfers.
Smart contract authors cannot reliably refuse system asset transfers in smart contract invocations. They cannot refuse or react to system asset transfers made with transactions other than invocation transactions to the smart contract address. There is additional complexity in handling the possibility of multiple invocations in the same invocation transaction that expect system assets, typically requiring tracking between calls. At a high level, there are two main issues that this NEP aims to solve:
- Allow smart contracts to refuse system asset transfers.
- Allow smart contracts to react to system asset transfers.
Implement the following changes to the NEO protocol:
- Run invocation transactions' script with the `VerificationR` trigger if it contains system assets sent to a smart contract address. Track which smart contracts have been executed and verify that for each smart contract address output the associated smart contract has executed at least once.
- Incorporate temporary storage for use in the VM during consensus which is used across verification of transactions
- Reject all non-invocation transactions whose outputs contain an address that is a smart contract address.
The specification ensures that smart contracts have a chance to refuse system asset transfers in invocation transactions. By running the script with the `VerificationR` trigger and verifying that the smart contract was called, we also guarantee that the smart contract will have a chance to react to system transfers in the `Application` trigger. Finally, by rejecting all non-invocation transactions that contain a smart contract address as the output, we close the loop and guarantee that whenever a smart contract address is the output of a system asset transfer, the smart contract has the chance to refuse and react to the transfer.
In addition, it has the following beneficial properties:
- Multiple methods that expect system assets are supported.
- Which method and the arguments to the invoked method are known and can be used in the `VerificationR` trigger.
- We introduce a new `VerificationR` trigger, which introduces additional complexity, however, in most cases the functionality of the smart contract need not change whether the smart contract is being run in `Application` or `VerificationR` mode.
- The `VerificationR` trigger can track invocations across calls, and even across transactions in a single block, using storage.
This NEP has the potential to break ongoing ICOs and thus we must coordinate the launch to ensure that all existing smart contracts will handle the `VerificationR` trigger appropriately.