From a43f2234dd62f223948e6aea140bb588cd021077 Mon Sep 17 00:00:00 2001
From: Roman Khimov
Date: Sun, 17 May 2020 23:58:23 +0300
Subject: [PATCH] core: fix Neo.Contract.GetStorageContext security check

This syscall should only work for contracts created by current transaction and that is what is supposed to be checked here. Do so by looking at the differences between ic.dao and original lower DAO.
---
 pkg/core/interop_system.go | 8 ++++++--
 pkg/core/interops.go | 3 ++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/pkg/core/interop_system.go b/pkg/core/interop_system.go
index f07da9905..9c4da985f 100644
--- a/pkg/core/interop_system.go
+++ b/pkg/core/interop_system.go
@@ -575,8 +575,12 @@ func (ic *interopContext) contractGetStorageContext(v *vm.VM) error {
 if !ok {
 return fmt.Errorf("%T is not a contract state", cs)
 }
- contractState, err := ic.dao.GetContractState(cs.ScriptHash())
- if contractState == nil || err != nil {
+ _, err := ic.dao.GetContractState(cs.ScriptHash())
+ if err != nil {
+ return fmt.Errorf("non-existent contract")
+ }
+ _, err = ic.lowerDao.GetContractState(cs.ScriptHash())
+ if err == nil {
 return fmt.Errorf("contract was not created in this transaction")
 }
 stc := &StorageContext{
diff --git a/pkg/core/interops.go b/pkg/core/interops.go
index 445be4d76..25040bce6 100644
--- a/pkg/core/interops.go
+++ b/pkg/core/interops.go
@@ -27,6 +27,7 @@ type interopContext struct {
 block *block.Block
 tx *transaction.Transaction
 dao *dao.Cached
+ lowerDao dao.DAO
 notifications []state.NotificationEvent
 log *zap.Logger
 }
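Review bot: The second lookup in `contractGetStorageContext` fails open: any non-nil error from `ic.lowerDao.GetContractState` is read as "the contract is absent from the lower DAO", and the function goes on to build the storage context. If that call can also fail for other reasons (a store read or decode error, which this diff does not show), such a failure would pass the check instead of rejecting the syscall. I would let only the not-found case through, e.g. `if err == nil { return fmt.Errorf("contract was not created in this transaction") } else if err != errNotFound { return err }`, where `errNotFound` is a placeholder for whatever not-found error the DAO actually returns. The first check also discards `err` in favour of the fixed string "non-existent contract", so wrapping the original error there would keep the cause visible. The function starts before this hunk and continues past `stc := &StorageContext{`.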
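Review bot: The new `lowerDao` field in `interopContext` carries no comment, although the GetStorageContext check now depends entirely on what it holds. I would document it on the field, e.g. `// lowerDao is the DAO wrapped by dao; it must hold the state from before the current transaction, the GetStorageContext check relies on that.` The same contract belongs in the doc comment of `newInteropContext` (the `@@ -34,7 +35,7 @@` hunk), which stores the caller's `d` unchanged, so what counts as "created in this transaction" is decided by each caller. The struct declaration begins before this hunk.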
@@ -34,7 +35,7 @@ type interopContext struct {
 func newInteropContext(trigger trigger.Type, bc Blockchainer, d dao.DAO, block *block.Block, tx *transaction.Transaction, log *zap.Logger) *interopContext {
 dao := dao.NewCached(d)
 nes := make([]state.NotificationEvent, 0)
- return &interopContext{bc, trigger, block, tx, dao, nes, log}
+ return &interopContext{bc, trigger, block, tx, dao, d, nes, log}
 }
 
 // SpawnVM returns a VM with script getter and interop functions set