Workshop Task 2
Task 2: Signed View Calls
This is important you saw earlier in our code that contracts here we store the author and
we take this message sender
There are two ways to communicate with smart contracts. One is the smart contract transactions that are stored on public Ledger and for those you also need to pay some gas fee in order for them to to to be computed and processed but then there’s another way the view calls. It’s only a read only call you can call a smart contract it’s a read only call, it happens locally inside a compute node it doesn’t write anything it just reads and then immediately gives you the result back
This is special because you can also encrypt view calls of course because you don’t want to have the node operator access to your call data and the response and Oasis sapphire is special in this regard is that this message sender object will always correspond to the one who initiated the contract view call. For this reason the contract views need to be signed and if it’s unsigned the Oasis sapphire will just set this message sender field to zero, it will know to nullify it
Task 2: Impersonation
How does ethereum do it?
In ethereum you can set the message sender by Design to any value you want so you can impersonate someone else and call transaction call view calls in someone else’s name and this is something we want to prevent.
To summarize basically you can rest assure that the message sender will always equal to the caller or if it’s a transaction then the transaction is signed anyway and it also matches the caller in ethereum but if it’s a view call then in sapphire you can rest assure that this is the one who is calling that because the The View call is signed and if the view call is not signed, it wanted to impersonate someone else, then the messageSender will be zero regardless of which value the caller set this value to and if it’s an internal transaction, call internal smart contract call then the message sender equals the caller of the function.
This is the same as in ethereum right so if you have a contract that calls someone else’s function then the message sender will be the one from the original contract who initiated the the call and not the the one who broadcast the transaction
Task 2: View Calls & Impersonation
Let’s Force the message that it Returns the message only if the one who requests it is the author of the message. This is pretty straightforward but one thing we need to do is that the message will now be private
so something like this.
If message sender does not equal the author of the message then we will you know panic we will revert and say something like, “not allowed” otherwise we return the message
This return will be reachable when the one who asks for the message is the author okay this should be it and now let’s see in our hardhat I think we already use the signed version yeah this is the signed version because we just use the original signer here so if we just try to deploy this
Awesome, this new contract is now deployed, let’s write a message set message okay but we need to use the new address. The new address is this one so this is now a confidential hello world put it this way hello world
Awesome! and then if we want to receive the message it should work and this message call will be signed using this key so the smart contract will know that our author matches the the private key we signed the transaction with and this is the content confidential Hello world but
if we use the unwrapped transaction so the original ethereum transaction which is not signed
let’s use the code here
not allowed exception okay
This is a proof that if we executed The View calls which are not signed that the message.Sender will be nullified and this condition here then fails
This is a nice way to do the access control and also to avoid this gas cost attack.
The first thing you do is check that the the the query was sent by the allowed author then anyone you know without the permission can do whatever they want but they will never be able to extract more information of the how your contract behaves, what’s the data stored inside the contract and so on