From c69f8a2fa3b5c47f85bf625abb95959090b85248 Mon Sep 17 00:00:00 2001
From: Evgenii Stratonikov <evgeniy@nspcc.ru>
Date: Tue, 9 Jun 2020 16:24:03 +0300
Subject: [PATCH] core: check for permission in System.Contract.Call(Ex)

---
 pkg/core/interop/context.go |  9 ---------
 pkg/core/interop_system.go  | 17 +++++++++++++----
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/pkg/core/interop/context.go b/pkg/core/interop/context.go
index 0fdd8cb57..c9c833e99 100644
--- a/pkg/core/interop/context.go
+++ b/pkg/core/interop/context.go
@@ -88,15 +88,6 @@ type ContractMD struct {
 	Methods     map[string]MethodAndPrice
 }
 
-// GetContract returns script of the contract with the specified hash.
-func (ic *Context) GetContract(h util.Uint160) []byte {
-	cs, err := ic.DAO.GetContractState(h)
-	if err != nil {
-		return nil
-	}
-	return cs.Script
-}
-
 // NewContractMD returns Contract with the specified list of methods.
 func NewContractMD(name string) *ContractMD {
 	c := &ContractMD{
diff --git a/pkg/core/interop_system.go b/pkg/core/interop_system.go
index 5e8435ce1..1ac2948d7 100644
--- a/pkg/core/interop_system.go
+++ b/pkg/core/interop_system.go
@@ -484,12 +484,21 @@ func contractCallExInternal(ic *interop.Context, v *vm.VM, h []byte, method stac
 	if err != nil {
 		return errors.New("invalid contract hash")
 	}
-	script := ic.GetContract(u)
-	if script == nil {
+	cs, err := ic.DAO.GetContractState(u)
+	if err != nil {
 		return errors.New("contract not found")
 	}
-	// TODO perform flags checking after #923
-	v.LoadScript(script)
+	bs, err := method.TryBytes()
+	if err != nil {
+		return err
+	}
+	curr, err := ic.DAO.GetContractState(v.GetCurrentScriptHash())
+	if err == nil {
+		if !curr.Manifest.CanCall(&cs.Manifest, string(bs)) {
+			return errors.New("disallowed method call")
+		}
+	}
+	v.LoadScript(cs.Script)
 	v.Estack().PushVal(args)
 	v.Estack().PushVal(method)
 	return nil