I want to build a smart contract function, which use caller's password as params.
I have no knowledge about blockchain security, so I ask the following question:
When calling a smart contract function, do the params record on blockchain?
Further more, what information will record in blockchain if an address calls a function of a smart contract?
I think the logs emit by the events must record on blockchain, besides these, anything more?
I've learned before that a contract address calling leaves logs on blockchain, but an account address(EOA) calling doesn't. Is it true?
Function parameters are part of the transaction, which is part of the calldata. So calldata is also persisted. Eventhough it is persisted, that doesn't mean it is easily available. Calldata is not indexed, and is not available at runtime. But the data is available to the nodes (for sure to those who runs full node, not sure about the light nodes).
Calldata can be accessed by running a localnode, which means it is not available for any functions at runtime, the only calldata that is available at runtime is the parameters for that particular transaction.
So, if you call a function with a password parameter, someone somewhere can see it for sure.
Related
I have some functions that I'm trying to save gas on.
onlyOwner modifier is self explanatory.
This is related to a previous question that I had, where I noticed that address(this) is different from msg.sender in a given contract. Upon further reading I get the impression that address(this) is a hash of msg.sender, but the two are not considered the same. Is this correct?
Since address(this) is related to the owner address, is the owner address (msg.sender, set within the contract's constructor) considered different enough from the contract address address(this) so as to be considered external visibility?
// can the owner (set in the constructor) call this function once it is deployed on the blockchain?
function setXYZ(address _address) external onlyOwner returns (bool success) {
XYZ[_address] = 4;
return true;
}
Seems to work when I test it within my IDE, but I don't know if there is a difference in implementations between my test environment and the blockchain environment.
Upon further reading I get the impression that address(this) is a hash of msg.sender, but the two are not considered the same. Is this correct?
address(this) returns address of the currently executed contract. When a contract is deployed, it's assigned an address which is determined by hash of "the deployer address combined with other data". Once the contract address is assigned, it never changes.
On the other hand, msg.sender reflects address of whoever is currently executing the contract. So if Alice executes a function, msg.sender is her address - and if Bob executes the same function, msg.sender reflects his address.
As the OpenZeppelin Ownable code shows, the deployer address (msg.sender in constructor) becomes the initial owner.
And the onlyOwner modifier validates whether the current msg.sender is the owner. If they match - all good. If the currrent msg.sender is different from the owner, it reverts the transaction.
Seems to work when I test it within my IDE, but I don't know if there is a difference in implementations between my test environment and the blockchain environment.
This code will work the same on all EVM networks.
There are few very small differences between the EVM implementation in emulators and live networks (as well as between different live networks). But they mostly affect low-level features such as ordering of transactions in a block or gas usage optimizations.
I need to analyze blocks and txs to find if there is a transfer ETH to address from my list. When some user makes a direct transfer it is clear, I can check to parameter of the transaction. But sometimes users execute smart contracts which transfer ETH to address from my list, in this case to is the address of the smart contract, so I can't match it with my list. Is there a way to handle such cases?
If you mean something like an "internal tx" of a forwarding contract like this example. Which does a value call (address.call()()). Then there is no way of knowing the final destination with tracing the transaction. Alternatively some contracts could emit an event or in the case of forwarding contracts, you could read the 'parentAddress' set during contract init.
Etherscan parses the trace for you so you can see those internal transfers afaik (see example above).
I do not have much experience with Solidity programming. I want to create a smart contract for a new digital asset, say Cryptodoggies. I want to know if there is a way to prevent users from being able to resell/transfer their cryptodoggies.
You could have a variable (boolean I think would be more suitable) on your contract and use it in an access modifier for the transfer function so that the transfer function would require for this variable to be true. Then by making this variable false (by a function accessible only to you) you can stop users from transferring coins. Of course, this modifier would have to be used for every function that enables users to transfer tokens.
It would be something like that pausable ERC-20 from openzeppelin. You can find it here.
When I publish a new smart contract to the Ethereum blockchain, I want to notify another contract about it.
Is there any option to do that? For example, to send transaction automatically when contract reaches the blockchain.
No, but Yes.
It wouldn't be possible to notify a contract about any contract created, and I don't see an obvious way to notify about all contracts created by a specific user.
But, there's a way to notify a contract about all instances of a certain species of contract. I suspect this is a reasonable assumption, because the interested contract is probably only interested in a certain type(s) of contract.
You would implement a factory pattern and get it to deploy the instances. The function that does the deployment would be responsible for required notifications.
Hope it helps.
So lets call E your existing contract. Ensure it has a method that we can call notify for instance. When you create your new contract, from the constructor (called when it gets deployed) then call the notify method of E.
Currently I'm trying to learn ethereum and smart contract. I read this tutorial: Dapps for beginners
I'm just wondering now, if I have to call everytime a function from a contract (as in the tutorial above) or is it possible that a specific function is executed when I just transfer some ethereum to that contract address?
Example:
I execute the code below, and the receiver address is also a address with a contract. One specific function should now be executed at the receiver function.
eth.sendTransaction({from:sender, to:receiver, value: amount})
You should create a nameless payable function in your smart contract.
This will then be the default function to execute if someone sends a raw transaction at your contract's address.
function() payable public {
}
Also, the other answer here states that you need to know the contract ABI to communicate with contracts but this is not true.
You need to know the contract address, the function name and the input and output parameter types. (You could use Web3's method.call or method.sendTransaction to send the encoded data in the transaction object and interact with the contract.)
The ABI may have this information, but the ABI is not required itself.
You can only communicate with contracts if you know the ABI which is the application binary interface.
In general, an ABI is the interface between two program modules, one of which is often at the level of machine code. The interface is the de facto method for encoding/decoding data into/out of the machine code. In ethereum, it's basicly how you can encode solidity contracts for the EVM and backwards how to read the data out of transactions.
If you have the JSON ABI of a contract, you still have to decide if you want to make calls or transactions. The difference between a call and a transaction is the following:
Transactions are created by your client, signed and broadcasted to the network. They will eventually alter the state of the blockchain, e.g., by manipulating balances or values in smart contracts.
Calls are only executed locally on your computer and not broadcasted to the network, e.g., a dry run.
Calls are usefull for debugging smart contracts as they do not cost transaction fees or gas.
So if you only send a transaction to a contract without using any interface, you wont be able to execute any code on the contract.