core: fix Neo.Contract.GetStorageContext security check

This syscall should only work for contracts created by current transaction and that is what is supposed to be checked here. Do so by looking at the differences between ic.dao and original lower DAO.
2024-10-16 15:43:25 +00:00 · 2020-05-17 23:58:23 +03:00 · 2020-05-17 23:58:23 +03:00 · 8231953842
commit 8231953842
parent 4284eaf4ab
2 changed files with 8 additions and 2 deletions
--- a/pkg/core/interop/context.go
+++ b/pkg/core/interop/context.go
@ -27,6 +27,7 @@ type Context struct {
 	Block         *block.Block
 	Tx            *transaction.Transaction
 	DAO           *dao.Cached
+	LowerDAO      dao.DAO
 	Notifications []state.NotificationEvent
 	Log           *zap.Logger
 }
@ -42,6 +43,7 @@ func NewContext(trigger trigger.Type, bc blockchainer.Blockchainer, d dao.DAO, n
 		Block:         block,
 		Tx:            tx,
 		DAO:           dao,
+		LowerDAO:      d,
 		Notifications: nes,
 		Log:           log,
 	}
--- a/pkg/core/interop_system.go
+++ b/pkg/core/interop_system.go
@ -537,8 +537,12 @@ func contractGetStorageContext(ic *interop.Context, v *vm.VM) error {
 	if !ok {
 		return fmt.Errorf("%T is not a contract state", cs)
 	}
-	contractState, err := ic.DAO.GetContractState(cs.ScriptHash())
-	if contractState == nil || err != nil {
+	_, err := ic.DAO.GetContractState(cs.ScriptHash())
+	if err != nil {
+		return fmt.Errorf("non-existent contract")
+	}
+	_, err = ic.LowerDAO.GetContractState(cs.ScriptHash())
+	if err == nil {
 		return fmt.Errorf("contract was not created in this transaction")
 	}
 	stc := &StorageContext{