Neo: System.Contract.CallEx

Created on 14 Dec 2019  路  7Comments  路  Source: neo-project/neo

Summary or problem description
Currently, we use System.Contract.Call to invoke a contract. But sometimes, we need to put some restrictions on the call. For example, we require that the called contract cannot call other contracts (no sub-calls); or we require that the called contract cannot modify the state (read-only mode).

Do you have any solution you want to propose?
I introduce a new SYSCALL: System.Contract.CallEx. It is very similar to System.Contract.Call. But it accepts an additional parameter to pass those restrictions on the call.

c# object CallEx(UInt160 hash, string method, object[] args, CallFlags flags);

Neo Version

  • Neo 3

Where in the software does this update applies to?

  • Other
discussion
Source
picture erikzhang
👍3

Most helpful comment

I can do it after https://github.com/neo-project/neo/pull/1362

picture shargon on 15 Dec 2019
👍21

All 7 comments

Very interesting proposal @erikzhang ... reminds me of https://github.com/neo-project/neo/issues/446 which was after converted to Scoped Witnesses, as it focus on user perspective rather contract-defined. Yet, this can also be used in benefit of users, as Entry may specific a certain call that disables "features", such as dyn invoke, perhaps storage... etc.

In this sense, what features should we allow disabling on flags? I think at least:

  • dynamic invocations
  • storage writes
  • storage reads (disable storage)
  • static variables (make them constant)
  • payable conditions on general
  • what else?
igormcoelho picture igormcoelho on 14 Dec 2019
👀11 👍1

It's a very good idea

shargon picture shargon on 14 Dec 2019

Who want to implement this?

erikzhang picture erikzhang on 15 Dec 2019
👍1

I can do it after https://github.com/neo-project/neo/pull/1362

shargon picture shargon on 15 Dec 2019
👍21

I wonder whether we should restrict the callee's use of storage, subcall, notify. Or do we have an example that really needs this.

 public enum CallFlags : byte
 {
       None = 0,

       AllowModifyStates = 0b00000001,
       AllowCall = 0b00000010,
       AllowNotify = 0b00000100,

       All = AllowModifyStates | AllowCall | AllowNotify
}

If it is for the security, I think it would be more reasonable to move the constraint to the manifest. If not, there is no need for the caller to concern about the callee's implementation.

Tommo-L picture Tommo-L on 17 Dec 2019

It is for contracts. It is hard for a contract to read manifest before calling another contract.

erikzhang picture erikzhang on 17 Dec 2019

There are different protections. Manifest level, and contract level.

shargon picture shargon on 17 Dec 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

erikzhang picture erikzhang  路  42Comments
erikzhang picture erikzhang  路  31Comments
lock9 picture lock9  路  62Comments
superboyiii picture superboyiii  路  30Comments
brianlenz picture brianlenz  路  37Comments