Neo: `SafeMethods` never checked in `ApplicationEngine`

Created on 4 Dec 2020 · 4Comments · Source: neo-project/neo

Describe the bug
In Neo3 a Contract's Manifest defines SafeMethods array of methods which are "safe". But I don't see anywhere in the ApplicationEngine where SafeMethods is checked when a smart contract method is called.

Where, if anywhere, is SafeMethods used/checked when a smart contract method is called?

I would think that we would check if a method is "safe" around here: https://github.com/neo-project/neo/blob/e835631e5491608805789f334392bf9c8fbb9107/src/neo/SmartContract/ApplicationEngine.Contract.cs#L135.

It's possible that I'm missing something or that I misunderstand what SafeMethods is supposed to mean or be used for. If so, please let me know.

To Reproduce
Not applicable.

Expected behavior
Expect ApplicationEngine to call the method if it is a "safe" method, without checking permissions.

Screenshots
None.

Platform:
Not applicable.

(Optional) Additional context
We are working on our smart contract compiler and need to know how SafeMethods will be used by the NeoVM.

Source

spencercorwin

Most helpful comment

Originally it was for user interface, but I think that it can be used by the core, please check https://github.com/neo-project/neo/pull/2120

shargon on 4 Dec 2020

👍2

All 4 comments

Thanks for reminding about that! We've had a similar question and actually have this code in neo-go:

func (m *Manifest) CanCall(hash util.Uint160, toCall *Manifest, method string) bool {
    // this if is not present in the original code but should probably be here
    if toCall.SafeMethods.Contains(method) {
        return true
    }

See #1664 also.