Comments (7)
AssertOriginCall is used to ensure there is no middleman. GetOriginCaller validates who signed the transaction, while PrevRealm is used for whitelisting contracts.
These functions can be used separately or combined to achieve varying levels of security.
For example, consider contracts that allow users to claim NFTs and AirDrops from a pre-screened wallet list. In this scenario, GetOriginCaller is necessary to validate the request.
However, the claim request can be sent either directly from the user to the Owner's contract or through a third-party entity, such as a token distributor or an NFT auction house.
The Contract Owner has two further options:
- To prevent middleman involvement, use GetOriginCaller + AssertOriginCall.
- To allow pre-selected or registered third parties, use GetOriginCaller + PrevRealm.
from gno.
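The two combinations described in the comment above, as an added example that is not part of the original thread and not Gno code. It is a plain Go model of the call chain rather than the Gno `std` API; the `Call` type, the function names, the wallet address and the realm paths are all constructed for illustration.

```go
package main

import "fmt"

// Call is a toy model of one claim request (constructed for this example, not
// the Gno std API). Signer signed the transaction; Via lists the realms the
// call passed through before reaching the claim realm, outermost first.
type Call struct {
	Signer string
	Via    []string
}

// Constructed sample lists: pre-screened wallets and registered third parties.
var (
	wallets = map[string]bool{"g1alice": true}
	realms  = map[string]bool{"gno.land/r/demo/distributor": true}
)

// ClaimDirectOnly models GetOriginCaller + AssertOriginCall: the signer must
// be pre-screened and no realm may sit between the signer and this function.
func ClaimDirectOnly(c Call) error {
	if len(c.Via) != 0 {
		return fmt.Errorf("not an origin call, came via %s", c.Via[len(c.Via)-1])
	}
	if !wallets[c.Signer] {
		return fmt.Errorf("wallet %s is not pre-screened", c.Signer)
	}
	return nil
}

// ClaimViaRegistered models GetOriginCaller + PrevRealm: the signer must be
// pre-screened and the immediate caller, if it is a realm, must be registered.
// Only the last hop is checked, so anything behind a registered realm is
// trusted through it.
func ClaimViaRegistered(c Call) error {
	if !wallets[c.Signer] {
		return fmt.Errorf("wallet %s is not pre-screened", c.Signer)
	}
	if n := len(c.Via); n > 0 && !realms[c.Via[n-1]] {
		return fmt.Errorf("realm %s is not registered", c.Via[n-1])
	}
	return nil
}

func main() {
	dist := Call{"g1alice", []string{"gno.land/r/demo/distributor"}}
	fmt.Println(ClaimDirectOnly(dist), ClaimViaRegistered(dist))
}
```

In this model the direct-only check rejects even the registered distributor, while the registered-realm check accepts a chain whose earlier hops are unknown as long as the last hop is registered.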
I and many developers have not been neck deep for years in obscure smart contract security concerns. The selling point of Gno.land is that it doesn't have a steep learning curve. IMO 😉, the "safest" of these security behaviors should be enabled by default, without the realm developer needing to figure out which of these weird functions they have to call at the top of every public realm function. That's the job of the Gno.land infrastructure. It should be built-in, with a way for advanced developers to override if they have studied the security details and want to change it.
from gno.
Additional note: the removal of GetOrigCaller implies also the removal of TestSetOrigCaller.
from gno.
Before making changes everywhere, I would like to request people to provide examples of proper usage of GetOrigCaller. This way, we can ensure that we only modify what is necessary, rather than altering everything.
@piux2: I believe you mentioned examples during a previous call.
from gno.
@jefft0
Thank you for the feedback. Good suggestion!
What do you think about creating standard rules and policies to abstract away these low-level checks?
from gno.
Here's the idea I had in mind: The default is the check you mentioned to "prevent middleman involvement". The VM enforces this without the realm function needing to call a function like AssertOriginCall. However, the first call of the realm function can be an override to define a "white list" or whatever. When the package is added to the realm, each public function is scanned for these enforcement calls. If present then these override the default behavior.
from gno.
The default is the check you mentioned to "prevent middleman involvement". The VM enforces this without the realm function needing to call a function like AssertOriginCall.
There's another need we're balancing here: the desire to build a platform which is very powerful in terms of "composability".
Aside from the technical complications of having something like "AssertOriginCall" by default and disabling it ad-hoc, it just means users or other contracts cannot "script around" a method. AssertOriginCall is like placing your data directly in the HTML of a page (if someone wants it, they have to scrape it => in Gno, they have to call it with MsgCall in a tx); the opposite is having the data in a public API (=> you can just call a realm's function from another realm or MsgRun).
from gno.