interop: use currently executing contract state for permissions check

It's not correct to use an updated contract state got from Management to
check for the allowed method call. We need to use manifest from the
currently executing context for that. It may be critical for cases when
executing contract is being updated firstly, and after that calls
another contract. So we need an old (executing) contract manifest for
this check.

This change likely does not affect the mainnet's state since it's hard
to meet the trigger criteria, but I'd put it under the hardfork anyway.

Signed-off-by: Anna Shaleva <shaleva.ann@nspcc.ru>

cli/options/options.go

@@ -29,7 +29,6 @@ import (
 	"github.com/urfave/cli"
 	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
-	"golang.org/x/term"
 	"gopkg.in/yaml.v3"
 )
 
@@ -220,7 +219,6 @@ var (
 // If logPath is configured -- function creates a dir and a file for logging.
 // If logPath is configured on Windows -- function returns closer to be
 // able to close sink for the opened log output file.
-// If the program is run in TTY then logger adds timestamp to its entries.
 func HandleLoggingParams(debug bool, cfg config.ApplicationConfiguration) (*zap.Logger, *zap.AtomicLevel, func() error, error) {
 	var (
 		level = zapcore.InfoLevel
@@ -241,11 +239,7 @@ func HandleLoggingParams(debug bool, cfg config.ApplicationConfiguration) (*zap.
 	cc.DisableStacktrace = true
 	cc.EncoderConfig.EncodeDuration = zapcore.StringDurationEncoder
 	cc.EncoderConfig.EncodeLevel = zapcore.CapitalLevelEncoder
-	if term.IsTerminal(int(os.Stdout.Fd())) {
-		cc.EncoderConfig.EncodeTime = zapcore.ISO8601TimeEncoder
-	} else {
-		cc.EncoderConfig.EncodeTime = func(t time.Time, encoder zapcore.PrimitiveArrayEncoder) {}
-	}
+	cc.EncoderConfig.EncodeTime = zapcore.ISO8601TimeEncoder
 	cc.Encoding = "console"
 	cc.Level = zap.NewAtomicLevelAt(level)
 	cc.Sampling = nil

cli/testdata/wallet1_solo.json

@@ -65,6 +65,7 @@
       "key": "6PYSATFztBa3CHjSR6sLAKungUEAbQUCVE16KzmaQQ38gLeYGZ9Knd5mGv",
       "label": "verify",
       "contract": {
+        "script": "VwEAEUBXAANA",
         "parameters": [],
         "deployed": true
       },

cli/wallet/wallet.go

@@ -651,8 +651,7 @@ func importDeployed(ctx *cli.Context) error {
 		return cli.NewExitError("contract has no `verify` method with boolean return", 1)
 	}
 	acc.Address = address.Uint160ToString(cs.Hash)
-	// Explicitly overwrite single signature script of the provided WIF since the contract is known to be deployed.
-	acc.Contract.Script = nil
+	acc.Contract.Script = cs.NEF.Script
 	acc.Contract.Parameters = acc.Contract.Parameters[:0]
 	for _, p := range md.Parameters {
 		acc.Contract.Parameters = append(acc.Contract.Parameters, wallet.ContractParam{

go.mod

@@ -17,7 +17,7 @@ require (
 	github.com/nspcc-dev/dbft v0.2.0
 	github.com/nspcc-dev/go-ordered-json v0.0.0-20240301084351-0246b013f8b2
 	github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20240521091047-78685785716d
-	github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.12
+	github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.11
 	github.com/nspcc-dev/rfc6979 v0.2.1
 	github.com/pierrec/lz4 v2.6.1+incompatible
 	github.com/pmezard/go-difflib v1.0.0
@@ -51,22 +51,24 @@ require (
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/mmcloughlin/addchain v0.4.0 // indirect
-	github.com/nspcc-dev/hrw/v2 v2.0.1 // indirect
-	github.com/nspcc-dev/neofs-api-go/v2 v2.14.1-0.20240305074711-35bc78d84dc4 // indirect
-	github.com/nspcc-dev/tzhash v1.7.2 // indirect
+	github.com/nspcc-dev/hrw v1.0.9 // indirect
+	github.com/nspcc-dev/neofs-api-go/v2 v2.14.0 // indirect
+	github.com/nspcc-dev/neofs-crypto v0.4.0 // indirect
+	github.com/nspcc-dev/tzhash v1.7.0 // indirect
 	github.com/prometheus/client_model v0.5.0 // indirect
 	github.com/prometheus/common v0.48.0 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/rs/zerolog v1.30.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/spaolacci/murmur3 v1.1.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 // indirect
+	go.uber.org/multierr v1.10.0 // indirect
+	golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 // indirect
 	golang.org/x/mod v0.16.0 // indirect
 	golang.org/x/net v0.23.0 // indirect
 	golang.org/x/sys v0.18.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240221002015-b0ce06bbee7c // indirect
-	google.golang.org/grpc v1.62.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 // indirect
+	google.golang.org/grpc v1.59.0 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
 	rsc.io/tmplfunc v0.0.3 // indirect
 )

go.sum

@@ -26,6 +26,7 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:ma
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs=
@@ -91,18 +92,21 @@ github.com/nspcc-dev/dbft v0.2.0 h1:sDwsQES600OSIMncV176t2SX5OvB14lzeOAyKFOkbMI=
 github.com/nspcc-dev/dbft v0.2.0/go.mod h1:oFE6paSC/yfFh9mcNU6MheMGOYXK9+sPiRk3YMoz49o=
 github.com/nspcc-dev/go-ordered-json v0.0.0-20240301084351-0246b013f8b2 h1:mD9hU3v+zJcnHAVmHnZKt3I++tvn30gBj2rP2PocZMk=
 github.com/nspcc-dev/go-ordered-json v0.0.0-20240301084351-0246b013f8b2/go.mod h1:U5VfmPNM88P4RORFb6KSUVBdJBDhlqggJZYGXGPxOcc=
-github.com/nspcc-dev/hrw/v2 v2.0.1 h1:CxYUkBeJvNfMEn2lHhrV6FjY8pZPceSxXUtMVq0BUOU=
-github.com/nspcc-dev/hrw/v2 v2.0.1/go.mod h1:iZAs5hT2q47EGq6AZ0FjaUI6ggntOi7vrY4utfzk5VA=
+github.com/nspcc-dev/hrw v1.0.9 h1:17VcAuTtrstmFppBjfRiia4K2wA/ukXZhLFS8Y8rz5Y=
+github.com/nspcc-dev/hrw v1.0.9/go.mod h1:l/W2vx83vMQo6aStyx2AuZrJ+07lGv2JQGlVkPG06MU=
 github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20240521091047-78685785716d h1:Vcb7YkZuUSSIC+WF/xV3UDfHbAxZgyT2zGleJP3Ig5k=
 github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20240521091047-78685785716d/go.mod h1:/vrbWSHc7YS1KSYhVOyyeucXW/e+1DkVBOgnBEXUCeY=
-github.com/nspcc-dev/neofs-api-go/v2 v2.14.1-0.20240305074711-35bc78d84dc4 h1:arN0Ypn+jawZpu1BND7TGRn44InAVIqKygndsx0y2no=
-github.com/nspcc-dev/neofs-api-go/v2 v2.14.1-0.20240305074711-35bc78d84dc4/go.mod h1:7Tm1NKEoUVVIUlkVwFrPh7GG5+Lmta2m7EGr4oVpBd8=
-github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.12 h1:mdxtlSU2I4oVZ/7AXTLKyz8uUPbDWikZw4DM8gvrddA=
-github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.12/go.mod h1:JdsEM1qgNukrWqgOBDChcYp8oY4XUzidcKaxY4hNJvQ=
+github.com/nspcc-dev/neofs-api-go/v2 v2.14.0 h1:jhuN8Ldqz7WApvUJRFY0bjRXE1R3iCkboMX5QVZhHVk=
+github.com/nspcc-dev/neofs-api-go/v2 v2.14.0/go.mod h1:DRIr0Ic1s+6QgdqmNFNLIqMqd7lNMJfYwkczlm1hDtM=
+github.com/nspcc-dev/neofs-crypto v0.4.0 h1:5LlrUAM5O0k1+sH/sktBtrgfWtq1pgpDs09fZo+KYi4=
+github.com/nspcc-dev/neofs-crypto v0.4.0/go.mod h1:6XJ8kbXgOfevbI2WMruOtI+qUJXNwSGM/E9eClXxPHs=
+github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.11 h1:QOc8ZRN5DXlAeRPh5QG9u8rMLgoeRNiZF5/vL7QupWg=
+github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.11/go.mod h1:W+ImTNRnSNMH8w43H1knCcIqwu7dLHePXtlJNZ7EFIs=
+github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
 github.com/nspcc-dev/rfc6979 v0.2.1 h1:8wWxkamHWFmO790GsewSoKUSJjVnL1fmdRpokU/RgRM=
 github.com/nspcc-dev/rfc6979 v0.2.1/go.mod h1:Tk7h5kyUWkhjyO3zUgFFhy1v2vQv3BvQEntakdtqrWc=
-github.com/nspcc-dev/tzhash v1.7.2 h1:iRXoa9TJqH/DQO7FFcqpq9BdruF9E7/xnFGlIghl5J4=
-github.com/nspcc-dev/tzhash v1.7.2/go.mod h1:oHiH0qwmTsZkeVs7pvCS5cVXUaLhXxSFvnmnZ++ijm4=
+github.com/nspcc-dev/tzhash v1.7.0 h1:/+aL33NC7y5OIGnY2kYgjZt8mg7LVGFMdj/KAJLndnk=
+github.com/nspcc-dev/tzhash v1.7.0/go.mod h1:Dnx9LUlOLr5paL2Rtc96x0PPs8D9eIkUtowt1n+KQus=
 github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
@@ -135,6 +139,11 @@ github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI=
+github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/syndtr/goleveldb v1.0.1-0.20210305035536-64b5b1c73954 h1:xQdMZ1WLrgkkvOZ/LDQxjVxMLdby7osSh4ZEVa5sIjs=
@@ -147,17 +156,18 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 go.etcd.io/bbolt v1.3.9 h1:8x7aARPEXiXbHmtUwAIv7eV2fQFHrLLavdiJ3uzJXoI=
 go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE=
+go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
-go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
-go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/multierr v1.10.0 h1:S0h4aNzvfcFsC3dRF1jLoaov7oRaKqRGC/pUEJ2yvPQ=
+go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
-golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ=
-golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc=
+golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 h1:m64FZMko/V45gv0bNmrNYoDEq8U5YUhetc9cBWKS1TQ=
+golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63/go.mod h1:0v4NqG35kSWCMzLaMeX+IQrlSnVE/bqGSyC2cz/9Le8=
 golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic=
 golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -197,10 +207,10 @@ golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240221002015-b0ce06bbee7c h1:NUsgEN92SQQqzfA+YtqYNqYmB3DMMYLlIwUZAQFVFbo=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240221002015-b0ce06bbee7c/go.mod h1:H4O17MA/PE9BsGx3w+a+W2VOLLD1Qf7oJneAoU6WktY=
-google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk=
-google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 h1:Jyp0Hsi0bmHXG6k9eATXoYtjd6e2UzZ1SCn/wIupY14=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:oQ5rr10WTTMvP4A36n8JpR1OrO1BEiV4f78CneXZxkA=
+google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
+google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -220,6 +230,7 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 rsc.io/tmplfunc v0.0.3 h1:53XFQh69AfOa8Tw0Jm7t+GV7KZhOi6jzsCzTtKbMvzU=

pkg/config/hardfork.go

@@ -27,6 +27,9 @@ const (
 	// https://github.com/neo-project/neo/pull/2925) and #3362 (ported from
 	// https://github.com/neo-project/neo/pull/3154).
 	HFCockatrice // Cockatrice
+	// HFDomovoi represents hard-fork introduced in #3476 (ported from
+	// https://github.com/neo-project/neo/pull/3290).
+	HFDomovoi // Domovoi
 	// hfLast denotes the end of hardforks enum. Consider adding new hardforks
 	// before hfLast.
 	hfLast

pkg/config/hardfork_string.go

@@ -12,13 +12,15 @@ func _() {
 	_ = x[HFAspidochelone-1]
 	_ = x[HFBasilisk-2]
 	_ = x[HFCockatrice-4]
-	_ = x[hfLast-8]
+	_ = x[HFDomovoi-8]
+	_ = x[hfLast-16]
 }
 
 const (
 	_Hardfork_name_0 = "DefaultAspidocheloneBasilisk"
 	_Hardfork_name_1 = "Cockatrice"
-	_Hardfork_name_2 = "hfLast"
+	_Hardfork_name_2 = "Domovoi"
+	_Hardfork_name_3 = "hfLast"
 )
 
 var (
@@ -33,6 +35,8 @@ func (i Hardfork) String() string {
 		return _Hardfork_name_1
 	case i == 8:
 		return _Hardfork_name_2
+	case i == 16:
+		return _Hardfork_name_3
 	default:
 		return "Hardfork(" + strconv.FormatInt(int64(i), 10) + ")"
 	}

pkg/core/blockchain.go

@@ -3017,7 +3017,12 @@ func (bc *Blockchain) verifyTxWitnesses(t *transaction.Transaction, block *block
 
 // verifyHeaderWitnesses is a block-specific implementation of VerifyWitnesses logic.
 func (bc *Blockchain) verifyHeaderWitnesses(currHeader, prevHeader *block.Header) error {
-	hash := prevHeader.NextConsensus
+	var hash util.Uint160
+	if prevHeader == nil && currHeader.PrevHash.Equals(util.Uint256{}) {
+		hash = currHeader.Script.ScriptHash()
+	} else {
+		hash = prevHeader.NextConsensus
+	}
 	_, err := bc.VerifyWitness(hash, currHeader, &currHeader.Script, HeaderVerificationGasLimit)
 	return err
 }

pkg/core/blockchain_core_test.go

@@ -370,6 +370,7 @@ func TestNewBlockchain_InitHardforks(t *testing.T) {
 			config.HFAspidochelone.String(): 0,
 			config.HFBasilisk.String():      0,
 			config.HFCockatrice.String():    0,
+			config.HFDomovoi.String():       0,
 		}, bc.GetConfig().Hardforks)
 	})
 	t.Run("empty set", func(t *testing.T) {
@@ -400,13 +401,14 @@ func TestNewBlockchain_InitHardforks(t *testing.T) {
 	})
 	t.Run("all present", func(t *testing.T) {
 		bc := newTestChainWithCustomCfg(t, func(c *config.Config) {
-			c.ProtocolConfiguration.Hardforks = map[string]uint32{config.HFAspidochelone.String(): 5, config.HFBasilisk.String(): 10, config.HFCockatrice.String(): 15}
+			c.ProtocolConfiguration.Hardforks = map[string]uint32{config.HFAspidochelone.String(): 5, config.HFBasilisk.String(): 10, config.HFCockatrice.String(): 15, config.HFDomovoi.String(): 20}
 			require.NoError(t, c.ProtocolConfiguration.Validate())
 		})
 		require.Equal(t, map[string]uint32{
 			config.HFAspidochelone.String(): 5,
 			config.HFBasilisk.String():      10,
 			config.HFCockatrice.String():    15,
+			config.HFDomovoi.String():       20,
 		}, bc.GetConfig().Hardforks)
 	})
 }

pkg/core/blockchain_neotest_test.go

@@ -271,7 +271,7 @@ func TestBlockchain_StartFromExistingDB(t *testing.T) {
 
 		_, _, _, err = chain.NewMultiWithCustomConfigAndStoreNoCheck(t, customConfig, cache)
 		require.Error(t, err)
-		require.True(t, strings.Contains(err.Error(), fmt.Sprintf("native %s: version mismatch for the latest hardfork Cockatrice (stored contract state differs from autogenerated one)", nativenames.CryptoLib)), err)
+		require.True(t, strings.Contains(err.Error(), fmt.Sprintf("native %s: version mismatch for the latest hardfork Domovoi (stored contract state differs from autogenerated one)", nativenames.CryptoLib)), err)
 	})
 
 	t.Run("good", func(t *testing.T) {

pkg/core/interop/contract/call.go

@@ -6,6 +6,7 @@ import (
 	"math/big"
 	"strings"
 
+	"github.com/nspcc-dev/neo-go/pkg/config"
 	"github.com/nspcc-dev/neo-go/pkg/core/dao"
 	"github.com/nspcc-dev/neo-go/pkg/core/interop"
 	"github.com/nspcc-dev/neo-go/pkg/core/native/nativenames"
@@ -77,12 +78,18 @@ func callInternal(ic *interop.Context, cs *state.Contract, name string, f callfl
 	if md.Safe {
 		f &^= (callflag.WriteStates | callflag.AllowNotify)
 	} else if ctx := ic.VM.Context(); ctx != nil && ctx.IsDeployed() {
-		curr, err := ic.GetContract(ic.VM.GetCurrentScriptHash())
-		if err == nil {
-			if !curr.Manifest.CanCall(cs.Hash, &cs.Manifest, name) {
-				return errors.New("disallowed method call")
+		var mfst *manifest.Manifest
+		if ic.IsHardforkEnabled(config.HFDomovoi) {
+			mfst = ctx.GetManifest()
+		} else {
+			curr, err := ic.GetContract(ic.VM.GetCurrentScriptHash())
+			if err == nil {
+				mfst = &curr.Manifest
 			}
 		}
+		if mfst != nil && !mfst.CanCall(cs.Hash, &cs.Manifest, name) {
+			return errors.New("disallowed method call")
+		}
 	}
 	return callExFromNative(ic, ic.VM.GetCurrentScriptHash(), cs, name, args, f, hasReturn, isDynamic, false)
 }

pkg/core/interop/contract/call_test.go

@@ -11,6 +11,7 @@ import (
 	"github.com/nspcc-dev/neo-go/internal/contracts"
 	"github.com/nspcc-dev/neo-go/internal/random"
 	"github.com/nspcc-dev/neo-go/pkg/compiler"
+	"github.com/nspcc-dev/neo-go/pkg/config"
 	"github.com/nspcc-dev/neo-go/pkg/core/block"
 	"github.com/nspcc-dev/neo-go/pkg/core/interop"
 	"github.com/nspcc-dev/neo-go/pkg/core/interop/contract"
@@ -173,6 +174,117 @@ func TestCall(t *testing.T) {
 	})
 }
 
+func TestSystemContractCall_Permissions(t *testing.T) {
+	check := func(t *testing.T, cfg func(*config.Blockchain), shouldUpdateFail bool) {
+		bc, acc := chain.NewSingleWithCustomConfig(t, cfg)
+		e := neotest.NewExecutor(t, bc, acc, acc)
+
+		// Contract A has an unsafe method.
+		srcA := `package contractA
+		func RetOne() int {
+			return 1
+		}`
+		ctrA := neotest.CompileSource(t, acc.ScriptHash(), strings.NewReader(srcA), &compiler.Options{
+			NoEventsCheck:      true,
+			NoPermissionsCheck: true,
+			Name:               "contractA",
+		})
+		e.DeployContract(t, ctrA, nil)
+
+		var hashAStr string
+		for i := 0; i < util.Uint160Size; i++ {
+			hashAStr += fmt.Sprintf("%#x", ctrA.Hash[i])
+			if i != util.Uint160Size-1 {
+				hashAStr += ", "
+			}
+		}
+
+		// Contract B has a method that calls contract's A and another update method that
+		// calls contract's A after B's update.
+		srcB := `package contractB
+		import (
+			"github.com/nspcc-dev/neo-go/pkg/interop"
+			"github.com/nspcc-dev/neo-go/pkg/interop/contract"
+			"github.com/nspcc-dev/neo-go/pkg/interop/native/management"
+		)
+		func CallRetOne() int {
+			res := contract.Call(interop.Hash160{` + hashAStr + `}, "retOne", contract.All).(int)
+			return res
+		}
+		func Update(nef []byte, manifest []byte) int {
+			management.Update(nef, manifest)
+			res := contract.Call(interop.Hash160{` + hashAStr + `}, "retOne", contract.All).(int)
+			return res
+		}`
+		ctrB := neotest.CompileSource(t, acc.ScriptHash(), strings.NewReader(srcB), &compiler.Options{
+			Name:               "contractB",
+			NoEventsCheck:      true,
+			NoPermissionsCheck: true,
+			Permissions: []manifest.Permission{
+				{
+					Contract: manifest.PermissionDesc{Type: manifest.PermissionHash, Value: ctrA.Hash},
+					Methods:  manifest.WildStrings{Value: []string{"retOne"}},
+				},
+				{
+					Methods: manifest.WildStrings{Value: []string{"update"}},
+				},
+			},
+		})
+		e.DeployContract(t, ctrB, nil)
+		ctrBInvoker := e.ValidatorInvoker(ctrB.Hash)
+
+		// ctrBUpdated differs from ctrB in that it has no permission to call retOne method of ctrA
+		ctrBUpdated := neotest.CompileSource(t, acc.ScriptHash(), strings.NewReader(srcB), &compiler.Options{
+			Name:               "contractB",
+			NoEventsCheck:      true,
+			NoPermissionsCheck: true,
+			Permissions: []manifest.Permission{
+				{
+					Contract: manifest.PermissionDesc{Type: manifest.PermissionHash, Value: ctrA.Hash},
+					Methods:  manifest.WildStrings{Value: []string{}},
+				},
+				{
+					Methods: manifest.WildStrings{Value: []string{"update"}},
+				},
+			},
+		})
+
+		// Call to A before B update should HALT.
+		ctrBInvoker.Invoke(t, stackitem.Make(1), "callRetOne")
+
+		// Call to A in the same context as B update should HALT.
+		n, err := ctrBUpdated.NEF.Bytes()
+		require.NoError(t, err)
+		m, err := json.Marshal(ctrBUpdated.Manifest)
+		require.NoError(t, err)
+		if shouldUpdateFail {
+			ctrBInvoker.InvokeFail(t, "System.Contract.Call failed: disallowed method call", "update", n, m)
+		} else {
+			ctrBInvoker.Invoke(t, stackitem.Make(1), "update", n, m)
+		}
+
+		// If contract is updated, then all to A after B update should FAULT (manifest
+		// is updated, no permission to call retOne method).
+		if !shouldUpdateFail {
+			ctrBInvoker.InvokeFail(t, "System.Contract.Call failed: disallowed method call", "callRetOne")
+		}
+	}
+
+	// Pre-Domovoi behaviour: an updated contract state is used for permissions check.
+	check(t, func(cfg *config.Blockchain) {
+		cfg.Hardforks = map[string]uint32{
+			config.HFDomovoi.String(): 100500,
+		}
+	}, true)
+
+	// Post-Domovoi behaviour: an executing contract state is used for permissions check.
+	check(t, func(cfg *config.Blockchain) {
+		cfg.Hardforks = map[string]uint32{
+			config.HFDomovoi.String(): 0,
+		}
+	}, false)
+}
+
 func TestLoadToken(t *testing.T) {
 	bc, acc := chain.NewSingle(t)
 	e := neotest.NewExecutor(t, bc, acc, acc)

pkg/network/server.go

@@ -44,13 +44,12 @@ const (
 )
 
 var (
-	errAlreadyConnected    = errors.New("already connected")
-	errIdenticalID         = errors.New("identical node id")
-	errInvalidNetwork      = errors.New("invalid network")
-	errMaxPeers            = errors.New("max peers reached")
-	errServerShutdown      = errors.New("server shutdown")
-	errInvalidInvType      = errors.New("invalid inventory type")
-	errBlocksRequestFailed = errors.New("blocks request failed")
+	errAlreadyConnected = errors.New("already connected")
+	errIdenticalID      = errors.New("identical node id")
+	errInvalidNetwork   = errors.New("invalid network")
+	errMaxPeers         = errors.New("max peers reached")
+	errServerShutdown   = errors.New("server shutdown")
+	errInvalidInvType   = errors.New("invalid inventory type")
 )
 
 type (
@@ -513,17 +512,10 @@ func (s *Server) run() {
 			if s.peers[drop.peer] {
 				delete(s.peers, drop.peer)
 				s.lock.Unlock()
-				if errors.Is(drop.reason, errInvalidInvType) || errors.Is(drop.reason, errStateMismatch) || errors.Is(drop.reason, errBlocksRequestFailed) {
-					s.log.Warn("peer disconnected",
-						zap.Stringer("addr", drop.peer.RemoteAddr()),
-						zap.Error(drop.reason),
-						zap.Int("peerCount", s.PeerCount()))
-				} else {
-					s.log.Info("peer disconnected",
-						zap.Stringer("addr", drop.peer.RemoteAddr()),
-						zap.Error(drop.reason),
-						zap.Int("peerCount", s.PeerCount()))
-				}
+				s.log.Warn("peer disconnected",
+					zap.Stringer("addr", drop.peer.RemoteAddr()),
+					zap.Error(drop.reason),
+					zap.Int("peerCount", s.PeerCount()))
 				if errors.Is(drop.reason, errIdenticalID) {
 					s.discovery.RegisterSelf(drop.peer)
 				} else {
@@ -801,7 +793,7 @@ func (s *Server) requestBlocksOrHeaders(p Peer) error {
 	}
 	err := s.requestBlocks(bq, p)
 	if err != nil {
-		return fmt.Errorf("%w: %w", errBlocksRequestFailed, err)
+		return err
 	}
 	if requestMPTNodes {
 		return s.requestMPTNodes(p, s.stateSync.GetUnknownMPTNodesBatch(payload.MaxMPTHashesCount))
@@ -1353,7 +1345,7 @@ func (s *Server) handleMessage(peer Peer, msg *Message) error {
 	if peer.Handshaked() {
 		if inv, ok := msg.Payload.(*payload.Inventory); ok {
 			if !inv.Type.Valid(s.chain.P2PSigExtensionsEnabled()) || len(inv.Hashes) == 0 {
-				return fmt.Errorf("%w: %s", errInvalidInvType, inv.Type.String())
+				return errInvalidInvType
 			}
 		}
 		switch msg.Command {

pkg/services/oracle/request.go

@@ -157,11 +157,6 @@ func (o *Oracle) processRequest(priv *keys.PrivateKey, req request) error {
 				resp.Code = transaction.Error
 			}
 		case neofs.URIScheme:
-			if len(o.MainCfg.NeoFS.Nodes) == 0 {
-				o.Log.Warn("no NeoFS nodes configured", zap.String("url", req.Req.URL))
-				resp.Code = transaction.Error
-				break
-			}
 			ctx, cancel := context.WithTimeout(context.Background(), o.MainCfg.NeoFS.Timeout)
 			defer cancel()
 			index := (int(req.ID) + incTx.attempts) % len(o.MainCfg.NeoFS.Nodes)

pkg/wallet/regenerate_test.go

@@ -278,6 +278,7 @@ func TestRegenerateCLIWallet1_solo(t *testing.T) {
 	hash := state.CreateContractHash(acc3.PrivateKey().GetScriptHash(), nefFile.Checksum, m.Name)
 	acc4.Address = address.Uint160ToString(hash)
 	acc4.Contract = &Contract{
+		Script:     nefFile.Script,
 		Deployed:   true,
 		Parameters: []ContractParam{},
 	}