oasysgames · tak1827 · Nov 28, 2024 · Nov 25, 2024 · Nov 27, 2024 · Nov 28, 2024
diff --git a/core/vm/evm.go b/core/vm/evm.go
@@ -178,7 +178,7 @@ func (evm *EVM) Interpreter() *EVMInterpreter {
 // execution error or failed value transfer.
 func (evm *EVM) Call(caller ContractRef, addr common.Address, input []byte, gas uint64, value *uint256.Int) (ret []byte, leftOverGas uint64, err error) {
 	// Fail if the address is not allowed to call
-	if evm.isDeniedToCall(addr) {
+	if IsDeniedToCall(evm.StateDB, addr) {
 		return nil, 0, ErrUnauthorizedCall
 	}
 	// Fail if we're trying to execute above the call depth limit
@@ -516,7 +516,7 @@ func (evm *EVM) create(caller ContractRef, codeAndHash *codeAndHash, gas uint64,
 // Create creates a new contract using code as deployment code.
 func (evm *EVM) Create(caller ContractRef, code []byte, gas uint64, value *uint256.Int) (ret []byte, contractAddr common.Address, leftOverGas uint64, err error) {
 	// Fail if the caller is not allowed to create
-	if !evm.isAllowedToCreate(caller.Address()) {
+	if !IsAllowedToCreate(evm.StateDB, caller.Address()) {
 		return nil, common.Address{}, 0, ErrUnauthorizedCreate
 	}
 	contractAddr = crypto.CreateAddress(caller.Address(), evm.StateDB.GetNonce(caller.Address()))

diff --git a/core/vm/evm_access_control.go b/core/vm/evm_access_control.go
@@ -7,7 +7,6 @@ import (
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/contracts/oasys"
 	"github.com/ethereum/go-ethereum/crypto"
-	"github.com/ethereum/go-ethereum/params"
 )
 
 var (
@@ -21,20 +20,17 @@ var (
 	emptyHash        common.Hash
 )
 
-// Check the `_createAllowedList`  mappings in the `EVMAccessControl` contract
-func (evm *EVM) isAllowedToCreate(address common.Address) bool {
-	if evm.chainConfig.ChainID.Cmp(params.OasysTestnetChainConfig.ChainID) == 0 {
-		return true // Allow all contract creation on testnet
-	}
-	hash := computeAddressMapStorageKey(address, 1)
-	val := evm.StateDB.GetState(evmAccessControl, hash)
+// Check the `_createAllowedList` mappings in the `EVMAccessControl` contract
+func IsAllowedToCreate(state StateDB, from common.Address) bool {
+	hash := computeAddressMapStorageKey(from, 1)
+	val := state.GetState(evmAccessControl, hash)
 	return val.Cmp(emptyHash) != 0
 }
 
 // Check the `_callAllowedList` mappings in the `EVMAccessControl` contract
-func (evm *EVM) isDeniedToCall(address common.Address) bool {
-	hash := computeAddressMapStorageKey(address, 2)
-	val := evm.StateDB.GetState(evmAccessControl, hash)
+func IsDeniedToCall(state StateDB, to common.Address) bool {
+	hash := computeAddressMapStorageKey(to, 2)
+	val := state.GetState(evmAccessControl, hash)
 	return val.Cmp(emptyHash) != 0
 }
 

diff --git a/internal/ethapi/api.go b/internal/ethapi/api.go
@@ -1844,9 +1844,6 @@ func SubmitTransaction(ctx context.Context, b Backend, tx *types.Transaction) (c
 		// Ensure only eip155 signed transactions are submitted if EIP155Required is set.
 		return common.Hash{}, errors.New("only replay-protected (EIP-155) transactions allowed over RPC")
 	}
-	if err := b.SendTx(ctx, tx); err != nil {
-		return common.Hash{}, err
-	}
 	// Print a log with full tx details for manual investigations and interventions
 	head := b.CurrentBlock()
 	signer := types.MakeSigner(b.ChainConfig(), head.Number, head.Time)
@@ -1855,7 +1852,28 @@ func SubmitTransaction(ctx context.Context, b Backend, tx *types.Transaction) (c
 		return common.Hash{}, err
 	}
 
-	if tx.To() == nil {
+	// Validate the contract creator or destination contract.
+	to := tx.To()
+	state, _, err := b.StateAndHeaderByNumber(ctx, rpc.BlockNumber(head.Number.Int64()))
+	if err != nil {
+		return common.Hash{}, err
+	}
+	if state == nil {
+		return common.Hash{}, errors.New("state not found")
+	}
+	// Fail if the caller is not allowed to create
+	if to == nil && !vm.IsAllowedToCreate(state, from) {
+		return common.Hash{}, vm.ErrUnauthorizedCreate
+	}
+	// Fail if the address is not allowed to call
+	if to != nil && vm.IsDeniedToCall(state, *to) {
+		return common.Hash{}, vm.ErrUnauthorizedCall
+	}
+
+	if err := b.SendTx(ctx, tx); err != nil {
+		return common.Hash{}, err
+	}
+	if to == nil {
 		addr := crypto.CreateAddress(from, tx.Nonce())
 		log.Info("Submitted contract creation", "hash", tx.Hash().Hex(), "from", from, "nonce", tx.Nonce(), "contract", addr.Hex(), "value", tx.Value())
 	} else {