-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow Verification trigger to be called for all methods #8
Comments
The args passed to a |
Wallet clients can be configured to pass those args. Just create a witness where the invocation script pushes the args on the stack (as you would for invoking the smart contract) and the verification script is empty (i.e. a length 0 hex string equivalent). Then NEO will use the associated script hash as the app call (which you can construct such that it is the script hash of the contract): https://github.com/neo-project/neo/blob/f7c4d86b458b0ae11d69214227cee33938a8f7ca/neo/Core/Helper.cs#L65. |
I understand that. What I'm saying is that those args can't be trusted, as you can pass My preferred approach, which is less overhead on the network, is to only attach the script to be invoked during verification if you plan on doing a |
Ah, good point. But in that case, wouldn't that be an error (bug) by the wallet client? Even if we consider a malicious actor, the same verification should be performed during the I can understand the argument that we should attempt to reduce the load on the network - in that case, an alternative approach here would be to add a To be clear, in the end my goal is that wallet clients shouldn't have to know or special case certain methods for certain smart contracts. |
That makes sense.. it kind of bothers me that |
bitcon |
I haven't tested this, but as far as I understand it seems like wallet clients should only construct a transaction that triggers the smart contract during verification when
mintTokens
is called. Otherwise, it will run verification formintTokens
even though another method is actually the one being called.Instead, I propose that we change the verification trigger to also check the method invoked and only run the
can_exchange
verification if that method ismintTokens
. This way, clients can always trigger verification which has a few benefits:mintTokens
- i.e. this makes it more generalized and not specific to just NEP-5 ICO crowdsales.The text was updated successfully, but these errors were encountered: