Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[rpc] contract.dry_run rpc api should not use local account #2480

Closed
jolestar opened this issue May 6, 2021 · 1 comment · Fixed by #2648
Closed

[rpc] contract.dry_run rpc api should not use local account #2480

jolestar opened this issue May 6, 2021 · 1 comment · Fixed by #2648
Assignees
@jolestar
Labels
area:json-api Issue about node's json api
Milestone
starcoin-1.4.0

Comments

@jolestar
Copy link
Member

jolestar commented May 6, 2021

当前 contract.dry_run 接口用户如果不传递 send 以及 sender_public_key,会默认使用节点本地的账号,这个会造成使用者困惑:

  1. 如果节点上的默认账号在链上未创建,所有的 dry_run 都会失败,调用者不太容易理解这个错误。
  2. dry_run 是公开接口,按道理不应该和节点本地的账号有关系,否则会泄露节点上的账号信息,也有可能引入安全漏洞。

建议:send 和 send_public_key 都必须通过客户端传递,由调用方保证账号在链上存在。
@wk3368
Copy link
Contributor

wk3368 commented May 6, 2021

之前的现象是, 可以通过contract.get_resource查到sender的balance和sequence_number, 证明sender是存在的。

但是如果dry_run的时候只传了sender,没有传sender_public_key,就会报错。

{
"jsonrpc": "2.0",
"error": {
"code": -32603,
"message": "cannot fill public key of txn sender 0x3f19d5422824f47e6c021978cee98f35"
},
"id": 200
}

现在把sender_public_key加上,dry_run 就可以了。我觉得是错误提示不合理, 让用户产生误解, 应该明确提示,缺少sender_public_key参数。

@jolestar jolestar added the area:json-api Issue about node's json api label May 6, 2021
@jolestar jolestar added this to the starcoin-1.4.0 milestone Jun 25, 2021
@jolestar jolestar self-assigned this Jun 25, 2021
jolestar added a commit that referenced this issue Jun 28, 2021
@jolestar
[rpc] dry run api require sender's public_key resolve #2480
51bed41
@jolestar jolestar mentioned this issue Jun 28, 2021
Merged
nanne007 pushed a commit that referenced this issue Jun 29, 2021
@jolestar
Dry run api (#2648)
9ab82d8 
* [rpc] dry run api require sender's public_key resolve #2480

* [rpc] Add contract.dry_run_raw api and

* [cmd] Add dev call-api method for call any json rpc api.
naughtyvenom pushed a commit to naughtyvenom/starcoin that referenced this issue Jul 19, 2021
@jolestar @naughtyvenom
Dry run api (starcoinorg#2648)
8dbde12 
* [rpc] dry run api require sender's public_key resolve starcoinorg#2480

* [rpc] Add contract.dry_run_raw api and

* [cmd] Add dev call-api method for call any json rpc api.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jolestar jolestar

Labels
area:json-api Issue about node's json api
Projects
None yet
Milestone
starcoin-1.4.0
Development

Successfully merging a pull request may close this issue.

Dry run api starcoinorg/starcoin
2 participants
@jolestar @wk3368