fix constructor arguments verification #1790
Pull Request Test Coverage Report for Build 7a1d07b1-813f-4aed-9cab-14ab29dae27e
💛 - Coveralls
arguments_data = String.replace(arguments_data, "0x", "") | ||
creation_input_data = Chain.contract_creation_input_data(address_hash) | ||
|
||
expected_arguments_data = | ||
creation_input_data | ||
|> String.split(bytecode) | ||
|> String.split("0029") |
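Review bot: The split on "0029" in the last line of this hunk cuts creation_input_data at every occurrence of those four hex characters, not only at the end of the contract code, so constructor arguments that happen to contain 0029 would be split in the wrong place and expected_arguments_data would be wrong. Since arguments_data is already known at this point, consider checking that creation_input_data ends with it instead of searching for a delimiter, and add a test case whose arguments contain 0029.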
I'm not well-versed enough in smart contracts, so here's a dumb question: is there a possibility of a false positive (i.e. arguments containing 0029 fragment) and splitting the data at a wrong place?
Yes, this is 100% possible as I was just noticing a few contracts where this occurred. I'll try to find some examples and post here.
Please see this contract: https://etherscan.io/address/0x64d14595152b430cf6940da15c6e39545c7c5b7e#code
Constructor:
000000000000000000000000802275979b020f0ec871c5ec1db6e412b72ff20b000000000000000000000000f5a38fbc26c720c79350b99d9c0bd42b3e9b83160000000000000000000000002929e21109901461659c0f26ad7f0e7633ea6539000000000000000000000000431f429035a1e3059d5c6a9a83208c6d3143d925
The 3rd argument 0000000000000000000000002929e21109901461659c0f26ad7f0e7633ea6539 contains 0029
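The false positive described in the comments above, as an added example that is not part of the pull request or of the project's code. The module and function names are hypothetical and the creation-code prefix is a constructed stand-in; only the constructor arguments are taken from the comment above.

```elixir
# Added illustration: hypothetical module, not the project's implementation.
defmodule ConstructorArgsDemo do
  # Constructor arguments quoted in the comment above (four ABI-encoded addresses).
  @args "000000000000000000000000802275979b020f0ec871c5ec1db6e412b72ff20b" <>
          "000000000000000000000000f5a38fbc26c720c79350b99d9c0bd42b3e9b8316" <>
          "0000000000000000000000002929e21109901461659c0f26ad7f0e7633ea6539" <>
          "000000000000000000000000431f429035a1e3059d5c6a9a83208c6d3143d925"

  # Constructed stand-in for creation code that ends in "0029"; not real bytecode.
  @creation_code "6080604052deadbeef0029"

  def args, do: @args

  # Transaction input as assumed in the simple case: creation code, then arguments.
  def creation_input, do: @creation_code <> @args

  # Delimiter approach: keep whatever follows the last "0029" in the input.
  # The third argument contains "0029", so the cut lands inside the arguments.
  def by_delimiter(input) do
    input |> String.split("0029") |> List.last()
  end

  # Suffix approach: the user-supplied arguments must be the exact tail of the
  # creation input, so bytes inside the arguments cannot move the boundary.
  def by_suffix(input, supplied) do
    supplied = supplied |> String.replace_prefix("0x", "") |> String.downcase()
    supplied != "" and String.ends_with?(String.downcase(input), supplied)
  end
end

input = ConstructorArgsDemo.creation_input()
recovered = ConstructorArgsDemo.by_delimiter(input)

IO.inspect(recovered == ConstructorArgsDemo.args(), label: "delimiter split recovers the arguments")
IO.inspect(String.length(recovered), label: "hex characters recovered by delimiter split")
IO.inspect(String.length(ConstructorArgsDemo.args()), label: "hex characters actually supplied")

IO.inspect(ConstructorArgsDemo.by_suffix(input, "0x" <> ConstructorArgsDemo.args()),
  label: "suffix check accepts the supplied arguments"
)
```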
Just a thought: since we're receiving the constructor arguments from the user, why not subtract them from the bytecode, leaving us the correct creation code?
@acravenho bytecode provided by a user doesn't contain constructor arguments. Or are you talking about subtracting constructor arguments from transaction input data?
@acravenho @goodsoft I updated my PR. Can you please try it? Now, I'm removing source code from transaction data and then I'm checking constructor arguments.
@ayrat555 During the verification process the constructor arguments are supplied by the end user. eth_getCode which is used to obtain the bytecode should also contain this data appended at the bottom.
fixes #1786
Motivation
Currently, we're assuming that constructor arguments are concatenated with contract code in transaction input data. But some transactions have additional data between source code and constructor arguments in transaction input.
Changelog