I have a frontend in JavaScript and a backend in Java.
I let the user sign a raw transaction with his private key in the frontend with web3js. Afterwards the signed transaction is returned to the Java backend and the backend broadcasts the transaction via a parity instance.
I am afraid of hackers, who can manipulate the raw transaction within their browser in JavaScript, before signing it. In this way they could change the amount that is being sent. Is there a way to extract the amount which will be sent from a signed transaction with web3j?
If yes, I could check that value again before broadcasting the signed transaction.
If its important somehow, it is a token transaction, not an ETH transaction.
Well this requires a bit of cryptography understanding.
In private / public key pair cryptography, "signing" is basically the only case where you encrypt with the private key and you decrypt with the pub key. If you manage to decrypt it means the signature is valid because whoever that pub key belongs too, it's definitely who signed the content.
So, if you have the pub key you can decrypt a "signed" transaction.
Now, if you are worried about hackers and security, holding keys on the client side and in memory is not good practice. So if this is a serious project you might want to revisit your approach.
Related
I am planning out a new project in which I need to connect one particular Fiat payment gateway to my smart contract. I don't want to have a system with a centralized backend, so I am exploring the possibility to use Chainlink to communicate with API and then pass response to my smart contract. I know that Chainlink allows any contract to access any external data source through their decentralized oracle network. The problem is I can't approximate how much LINK it will cost me to get a response from 1 oracle. Is there some average cost of a 1 response from an oracle and what determines such cost
I tried to look up this information, but it does not seem that this topic is discussed much. Also probably I didn't look in the right place
The problem is I can't approximate how much LINK it will cost me to
get response from 1 oracle.
Nobody can. When you make a request to oracle, you are calling a smart contract function and this will cost you gas which varies depending on the congestion in the system. if system is busy, it will cost more gas. Also when you interact with the chainlink, you are actually passing data to chainlink smart contract which makes some calculations, so you pay for those gas too.
Calling one oracle is sending a request to one oracle. oracle is a chainlink node operator, and it set its own price. But sending a request to only one node is not a decentralized approach even though each node have multiple data resources. you should make a request to several nodes meaning that you need to pay each node operator. when you make a request to several nodes, you receive the average of those responses.
The service you want to use is Chainlink Any Api, and in the service the cost of LINK depends on the node operator you are using.
There is a fee required by node operator. When you send a request, you actually require Chainlink node to provide a service. Usually the service is not free and the fee of a request is set by the node operator. The fee varies across different node operators. If you are only a consumer to use service provided by node operators, you just need to check the fee of different node operators.
you, of course, also has to pay gas fee for your transaction, but that it it costed in ETH rather than LINK (as you asking how much LINK it will cost, I assume you know it).
If you are a node operator and want to run the service for yourself, you may want to consider the following 2 factors:
Congestion of the system mentioned by #Yilmaz. When the blockchain you are using is very busy, the gas price is high so that the more gas fee, which is the result of (gas price) x(gas limit), will be cost more.
The logic of fulfill function in your contract. Fulfillment function is the "callback" function of Chainlink Any Api. Oracle node will fetch the data demand in the request and then call the fulfill function in consumer contract. In fulfill function, logics varies from simply saving the data in a variable or doing some calculations. The more complex logics, the more gas limit required.
Hope it helps!
I am thinking of one thing for the transaction history data. Whether there is an API call, maybe RPC call or REST call, that we can query target wallet address transaction history? I am trying for making a wallet, I think if we can show users their transaction history, it is a good feature for the user experience.
For this question, there are maybe some ways:
Call Bcsscan or Ethereumscan API, directly.
Start your own server, subscribe to all events, and store them to DB and query events in DB.
Any other good ideas for this feature.
For method 2) Currently to extract the full address interaction history you need to walk through all blockchain blocks and then all transactions in those using EVM tracing.
For method 1) You can also get some details over Etherscan API, but please note that this is not an open-source product and you need to contact their paid product support to understand what data is available over their API and what are the API limitations.
I am studying blockchain with Ethereum, and I want to use past transaction data in the Smart contract using Solidity.
If I use Web3.js module in the program written in javascript, I can get these data easily.
But I can't get these data in the Smart contract using Solidity.
Reference of Solidity says that we can get current block number, blockhash, etc., by using "block.number" and "block.blockhash(uint blockNumber)" functions, but doesn't mention getting transaction data.
(http://solidity.readthedocs.io/en/latest/units-and-global-variables.html#special-variables-and-functions)
please help me.
The answer is simple. Unfortunately, you simply can’t access old transaction or block data onchain from Solidity. At most, you can access hashes of last 256 blocks (see blockhash in documentation )
Alternatively, as a workaround you could consider using Oraclize. Oraclize represents way to read offchain data onchain, so you could try to read transaction data from Etherscan web API. The way Oraclize works is that :
You request to Oraclize smart contract what data you want to fetch from internet (some URL)
Oraclize offchain servers then detect your on-chain request
The look up the data you wanted (they'll make some http request to the URL you provided)
Once they get response, they will send transaction to your contract (calling specific callback method) containing data you requested
With such approach however, you are relying that:
EtherScan is up and running
Oraclize is up un running.
If you only care about transaction data related to your smart contracts, another way would be to store that transaction data onchain. Maybe we could gave you some more suggestions if you tell us more about what specific problem are you solving.
How can I update the smartcontracts of my Truffle dapp which are deployed in the Ethereum blockchain?
Great answer found here.
From axic in Ethereum Stack Exchange site:
Contract code is immutable, the storage is mutable, but you cannot
execute code placed into storage, at least for now.
Bugfixes to contracts
As for bugfixes, the common pattern is to have proxy or lookup
contracts to be a gateway to the real one, which in case of a change
or bugfix would be replaced. Replacing it also means losing the old
storage contents.
Keeping storage
If you want the ability to upgrade code, while keeping storage, you
could think of separating storage and logic. Have a dedicated storage
contract, which accepts write calls from trusted addresses (e.g. the
logic contracts). All important storage should be associated with this
one.
Accessing storage after selfdestruct
As of today there is no real pruning implemented even in the case of
selfdestruct, but that should definitely come in the future. There are
several EIPs discussing this.
Even if pruning is implemented, it shouldn't happen in an instant and
you should be able to read storage from the last state. It is also
planned to have archive nodes to keep states indefinitely -- not sure
that is feasible without limitations just by judging at the growth of
the blockchain.
Redeploying at same address
In short: practically this is not possible. The contract addresses are
calculated from the sender and the nonce. The nonce is sequential,
there cannot be any gaps and there cannot be duplicates.
In theory it is possible to arrive at the same hash with a different
nonce and address combination, but the likelyhood is small.
When an OAuth 2.0 provider issues a token, is that token value forever unique to the provider? Or is it possible that sometime in the future, presumably after the token expires, another token, potentially for a different user, could be issued with the same value? In searching I found much information about tokens expiring, but no details about if that token value could potentially be re-used in the future.
There's nothing in the core OAuth 2 spec that guarantees this. It is implementation specific if there is a chance of collision or not. You should find out from your OAuth AS provider what the likelihood is. But agreed with Artem - this sounds odd if you are trying to uniquely identify users based on what is suppose to be just an API (access) token.
If you use something like UUID - it's time dependent and unique - so you should NOT make them reusable. Taking in account that you'll generate tokens in different instants of time - they all will be different.