Closed m-Peter closed 2 months ago
Since the event subscription already filters only the events we are interested in we don't have to check again if events are coming from the correct address.
Closing this as per the above comment on https://github.com/onflow/flow-evm-gateway/pull/361
Currently, we have the following logic for checking whether we're dealing with an EVM-related event:
However, the condition on the
return
statement is rather weak. For example:The above is a concrete example that occurs when ingesting EVM events. However, even though it returns
true
, we can't know for sure that it came from the official address where theEVM
contract is deployed. Any account can deploy a fakeEVM
contract, with the same events, and emit such events with fake/dummy data. And this will affect the state index of the EVM Gateway, returning incorrect data. So we need to compare for strict equality with the exactAddressLocation
for each network (previewnet, testnet, mainnet).Right now, the ingestion subscriber, creates the appropriate event filters, but we can't rely on this. We need to have strict checks in each place.