TrueCloudLab/neoneo-go
7
0
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity

core: restrict allowed Oracle callbacks

Browse source
This commit is contained in:
Anna Shaleva 2020-12-17 11:41:28 +03:00
parent f2365e2392
commit 31b06907c9
2 changed files with 16 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

4
pkg/core/native/oracle.go
View file

@ -6,6 +6,7 @@ import (
"fmt"
"math"
"math/big"
"strings"
"github.com/nspcc-dev/neo-go/pkg/core/dao"
"github.com/nspcc-dev/neo-go/pkg/core/interop"
@ -275,6 +276,9 @@ func (o *Oracle) RequestInternal(ic *interop.Context, url string, filter *string
if len(url) > maxURLLength || (filter != nil && len(*filter) > maxFilterLength) || len(cb) > maxCallbackLength || gas.Uint64() < 1000_0000 {
return ErrBigArgument
}
if strings.HasPrefix(cb, "_") {
return errors.New("disallowed callback method (starts with '_')")
}
if !ic.VM.AddGas(gas.Int64()) {
return ErrNotEnoughGas