Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add from/to validation to eth_sendRawTransaction #107

Merged
merged 6 commits into from
Nov 28, 2024
Merged

Add from/to validation to eth_sendRawTransaction #107

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
19e1b82
Add validation to SendRawTransaction
ironbeer Nov 25, 2024
4dac3f8
Rename EVMAccessControl to TransactionFilter and move validation to t…
ironbeer Nov 27, 2024
f4be70d
Revert "Rename EVMAccessControl to TransactionFilter and move validat…
ironbeer Nov 28, 2024
c3dd4a4
Merge branch 'feat/evm-access-control' into feat/evm-access-control-a…
ironbeer Nov 28, 2024
de3e354
Fix package error
ironbeer Nov 28, 2024
4fca5e2
Improved error message
ironbeer Nov 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions core/vm/evm.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -178,7 +178,7 @@ func (evm *EVM) Interpreter() *EVMInterpreter {
// execution error or failed value transfer.
func (evm *EVM) Call(caller ContractRef, addr common.Address, input []byte, gas uint64, value *uint256.Int) (ret []byte, leftOverGas uint64, err error) {
// Fail if the address is not allowed to call
if evm.isDeniedToCall(addr) {
if IsDeniedToCall(evm.StateDB, addr) {
return nil, 0, ErrUnauthorizedCall
}
// Fail if we're trying to execute above the call depth limit
Expand Down Expand Up @@ -439,7 +439,7 @@ func (evm *EVM) create(caller ContractRef, codeAndHash *codeAndHash, gas uint64,
evm.StateDB.SetNonce(caller.Address(), nonce+1)
// Fail if the caller is not allowed to create
// Need to check after nonce increment to evict failed tx from the pool
if !evm.isAllowedToCreate(caller.Address()) {
if !IsAllowedToCreate(evm.StateDB, caller.Address()) {
return nil, common.Address{}, 0, ErrUnauthorizedCreate
}
// We add this to the access list _before_ taking a snapshot. Even if the creation fails,
Expand Down
18 changes: 7 additions & 11 deletions core/vm/evm_access_control.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@ import (
"github.com/ethereum/go-ethereum/common"
"github.com/ethereum/go-ethereum/contracts/oasys"
"github.com/ethereum/go-ethereum/crypto"
"github.com/ethereum/go-ethereum/params"
)

var (
Expand All @@ -21,20 +20,17 @@ var (
emptyHash common.Hash
)

// Check the `_createAllowedList` mappings in the `EVMAccessControl` contract
func (evm *EVM) isAllowedToCreate(address common.Address) bool {
if evm.chainConfig.ChainID.Cmp(params.OasysTestnetChainConfig.ChainID) == 0 {
return true // Allow all contract creation on testnet
}
hash := computeAddressMapStorageKey(address, 1)
val := evm.StateDB.GetState(evmAccessControl, hash)
// Check the `_createAllowedList` mappings in the `EVMAccessControl` contract
func IsAllowedToCreate(state StateDB, from common.Address) bool {
hash := computeAddressMapStorageKey(from, 1)
val := state.GetState(evmAccessControl, hash)
return val.Cmp(emptyHash) != 0
}

// Check the `_callAllowedList` mappings in the `EVMAccessControl` contract
func (evm *EVM) isDeniedToCall(address common.Address) bool {
hash := computeAddressMapStorageKey(address, 2)
val := evm.StateDB.GetState(evmAccessControl, hash)
func IsDeniedToCall(state StateDB, to common.Address) bool {
hash := computeAddressMapStorageKey(to, 2)
val := state.GetState(evmAccessControl, hash)
return val.Cmp(emptyHash) != 0
}

Expand Down
26 changes: 22 additions & 4 deletions internal/ethapi/api.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1844,9 +1844,6 @@ func SubmitTransaction(ctx context.Context, b Backend, tx *types.Transaction) (c
// Ensure only eip155 signed transactions are submitted if EIP155Required is set.
return common.Hash{}, errors.New("only replay-protected (EIP-155) transactions allowed over RPC")
}
if err := b.SendTx(ctx, tx); err != nil {
return common.Hash{}, err
}
// Print a log with full tx details for manual investigations and interventions
head := b.CurrentBlock()
signer := types.MakeSigner(b.ChainConfig(), head.Number, head.Time)
Expand All @@ -1855,7 +1852,28 @@ func SubmitTransaction(ctx context.Context, b Backend, tx *types.Transaction) (c
return common.Hash{}, err
}

if tx.To() == nil {
// Validate the contract creator or destination contract.
to := tx.To()
state, _, err := b.StateAndHeaderByNumber(ctx, rpc.BlockNumber(head.Number.Int64()))
if err != nil {
return common.Hash{}, err
}
if state == nil {
return common.Hash{}, errors.New("state not found")
}
// Fail if the caller is not allowed to create
if to == nil && !vm.IsAllowedToCreate(state, from) {
return common.Hash{}, fmt.Errorf("the deployer address is not allowed. please submit application form. from: %s", from)
}
// Fail if the address is not allowed to call
if to != nil && vm.IsDeniedToCall(state, *to) {
return common.Hash{}, fmt.Errorf("the calling contract is in denlylist. to: %s", to)
}

if err := b.SendTx(ctx, tx); err != nil {
return common.Hash{}, err
}
if to == nil {
addr := crypto.CreateAddress(from, tx.Nonce())
log.Info("Submitted contract creation", "hash", tx.Hash().Hex(), "from", from, "nonce", tx.Nonce(), "contract", addr.Hex(), "value", tx.Value())
} else {
Expand Down