You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
NGD try to complete the NEP5 Template contract in NEO3.In this process,we found the transfer method will execute failed when we try to transfer a Nep5 asset by invoking RPC method sendtoaddress.By testing, we found that the problem is in 'CheckWitness' method.
CheckWitness is a InteropService method.It provides protection for asset transfers
internalstaticboolCheckWitness(ApplicationEngineengine,UInt160hash){if(engine.ScriptContainerisTransactiontx){Cosignerusage=tx.Cosigners.FirstOrDefault(p =>p.Account.Equals(hash));if(usageisnull)returnfalse;if(usage.Scopes==WitnessScope.Global)returntrue;if(usage.Scopes.HasFlag(WitnessScope.CalledByEntry)){if(engine.CallingScriptHash==engine.EntryScriptHash)returntrue;}if(usage.Scopes.HasFlag(WitnessScope.CustomContracts)){if(usage.AllowedContracts.Contains(engine.CurrentScriptHash))returntrue;}if(usage.Scopes.HasFlag(WitnessScope.CustomGroups)){varcontract=engine.Snapshot.Contracts[engine.CallingScriptHash];// check if current group is the required oneif(contract.Manifest.Groups.Select(p =>p.PubKey).Intersect(usage.AllowedGroups).Any())returntrue;}returnfalse;}// only for non-Transaction types (Block, etc)varhashes_for_verifying=engine.ScriptContainer.GetScriptHashesForVerifying(engine.Snapshot);returnhashes_for_verifying.Contains(hash);}
But when we try to transfer a Nep5 asset,we found it will execute failed.The bug logic happens in this part:
We found that if the asset is a global asset(NEO,GAS),CallingScriptHash is equal to EntryScriptHash.
But if the asset is a NEP5 asset,CallingScriptHash is not equal to EntryScriptHash.
The reason of this phenomenon is :
When we transfer a NEP5 asset,there exists at least 3 invoke contexts in InvocationStack .So the value of EntryScriptHash is script hash of Tx script,but the value of EntryScriptHash is script hash of contract.And if the scope of tx is CalledByEntry,it will return false.
Solution
A simple way is change the code in MakeTransaction in Wallet.
We can change the scope of tx to Global. Maybe it will have some security problem.
Another way is that we can create a new scope type for Nep5 asset.
The text was updated successfully, but these errors were encountered:
Describe the bug
NGD try to complete the NEP5 Template contract in NEO3.In this process,we found the
transfer
method will execute failed when we try to transfer a Nep5 asset by invoking RPC methodsendtoaddress
.By testing, we found that the problem is in 'CheckWitness' method.CheckWitness
is a InteropService method.It provides protection for asset transfersBut when we try to transfer a Nep5 asset,we found it will execute failed.The bug logic happens in this part:
We found that if the asset is a global asset(NEO,GAS),
CallingScriptHash
is equal toEntryScriptHash
.But if the asset is a NEP5 asset,
CallingScriptHash
is not equal toEntryScriptHash
.The reason of this phenomenon is :
When we transfer a NEP5 asset,there exists at least 3 invoke contexts in InvocationStack .So the value of
EntryScriptHash
is script hash of Tx script,but the value ofEntryScriptHash
is script hash of contract.And if the scope of tx isCalledByEntry
,it will return false.Solution
MakeTransaction
in Wallet.We can change the scope of tx to
Global
. Maybe it will have some security problem.The text was updated successfully, but these errors were encountered: