By: Igor M. Coelho and Vitor N. Coelho
Multiple paths were possibly found. A reward has been offered to the backpacker who could discover which path should be taken in an intersection. Due to the connection and possible use cases on Ontology, which is an ecosystem being designed for multi-language and cross-chain interactions, some ONT tokens were made available. Following the tradition, this mission has been released for 48 hours and known by many blockchain experts (check call), but nobody took it. So it deserves the title of Mission Impossible IV.
Here, the idea was to exploit analysis that could lead the chain to break. The idea/concept of breakage discussed here is dealt in the context of different clients understanding a transaction in different manners. In particular, Neo is a multi-cultural project and, as consequence, its current available tools are nowadays interconnected in a multi-language manner. NeoResearch Community contributed for the insights presented here. Their is on improvements and the development of cutting edge technologies, but, since several tools developed by the community are considered, different challenges are faced and tackled by them during their researching journey. In this episode, we gonna show how neo-python clients, can see the chain differently from the original c# neo based ones + neo-cli While it does not represent any vulnerability or problem in projects deploy on the MainNet, we would like to increase awareness about these issues. CheckWitness Chain Break
Here is a simple example (the same code can be produced in C#):
from boa.interop.Neo.Runtime import Notify, CheckWitness from boa.interop.Neo.Storage import Get, Put, Delete, GetContext from boa.interop.Neo.Runtime import Notify def Main(): OWNER=b'031a6c6fbbdf02ca351745fa86b9ba5a9452d785ac4f7fc2b7548ca2a46c4fcf4a' result = CheckWitness(OWNER) if result: print("OWNER is caller..") Put(GetContext(), "test", "This is Python!"); return True else: print("OWNER is not caller..") Put(GetContext(), "test", "This is C#!"); return True return False
When this contract a contract with this characters is deployed, different storage values will be reported by the neo-cli RPC or neo-python. This is current happens due to a simple line that allow public address with 66 or 44 lenght. Something that returns false in the original Neo library design. Multiples paths:
2) Contract return type as void, possibly bigIntenger problems Previous insights:
This is another issue currently exploited that makes the neo-python understand the storage from the blockchain differently than the original design. Considerations It is noteworthy that Neo achieved a high level of development, counting with experts from different/distinct fields. The Ecosystem currently represents a state-of-the-art in the field of Blockchain and Fully Distributed communication between agents. On the other hand, with the flexibility proportionate by the brilliant design, developers should be attentive when testing their contracts. Neo promotes an unique environment for the use of Dapps, with a paradigm that proportionate the growth of projects not possible to be implemented/deployed before. Finally, we would like to communicate that NeoResearch is doing huge efforts towards a platform that will automatically test some of the aforementioned points.
Previous Mission Impossible challenges/insights: