chengevo
commented
6 years ago Looking deep into code base a little bit more, I figure it's more preferable to implement this mechanism in producer_plugin#on_incoming_transaction_async, with something like following:
if( fc::time_point(trx->expiration()) < block_time ) {
send_response(std::static_pointer_cast<fc::exception>(std::make_shared<expired_tx_exception>(FC_LOG_MESSAGE(error, "expired transaction ${id}", ("id", id)) )));
return;
}
if( chain.is_known_unexpired_transaction(id) ) {
send_response(std::static_pointer_cast<fc::exception>(std::make_shared<tx_duplicate>(FC_LOG_MESSAGE(error, "duplicate transaction ${id}", ("id", id)) )));
return;
}
jnordberg
jgiszczak
EOSIO was designed to be able to easily update smart contract deployed on an account. While enjoying the convenience, it also introduced some troubles, some might be even dangerous.
Say Alice have deployed a token contract on the account
alice, and created a token namedalicetoken. Inside the contract implemented a functiontransferto transfer token from an account to another:it all looks good and everyone is happy.
However, suddenly Alice decided she need to take some “tax” from her beloved users, so she silently change the
transferfunction:now Alice is happy but others get hurt.
This is only an example based on token transfer in a simple token contract, but this issue exists in any kind of contract deployed on EOSIO system. Recently one incident already happened in real world: Everipedia made changes to their token contract, that charges transaction fee for whoever sent IQ.
Malicious group can intentionally change the contract to attack their users, cause chaos for the community. Even if it’s a planed contract upgrade, can still cause lost if users didn’t update their program in time to adapt to the contract.
A proposed solution is to enforce contract hash check:
controller#push_transaction, before executing an action, verifies if the hash matches the contract’s hash on chain. If not, abort action execution immediately.