Closed lehins closed 10 months ago
colll78
commented
10 months ago Good to see this resolved. We found a smart contract exploit related to this in an auction protocol where you could only refund your bid by referencing a bid that is greater than or equal to your own.
colll78
commented
10 months ago This change will not affect previous versions of Plutus correct? I know that there are scripts on mainnet that rely on the ability to produce an inputs as both a reference inputs and a normal input.
lehins
commented
10 months ago @colll78 Of course, we can't change the behavior of previous eras. If we did the chain would not replay.
Also, we can't make these sort of changes without a hard fork. So this will take into affect in Conway onwards.
Thank you for reminding about the ticket. This was implemented in #4024
Current logic for figuring out reference scripts does not care whether the same inputs is listed in inputs that are spent and reference inputs: https://github.com/IntersectMBO/cardano-ledger/blob/53d93c0878c6960982af7cdd3c2447bc34b65dfa/eras/babbage/impl/src/Cardano/Ledger/Babbage/UTxO.hs#L131
There is never a case when same input should appear in both, so we decided to add a predicate check that makes this impossible.