neo
neo copied to clipboard
neo-project
Oracle response breaks CalledByEntry witness scope
Describe the bug
CheckWitness logic for oracle responses uses original transaction's signers list. If we have a transaction with a signer using CalledByEntry scope it would work fine for CONTRACT_A with an evaluation stack of ENTRY_SCRIPT -> CONTRACT_A, but if CONTRACT_A is to make an oracle request, then for oracle response we'd get ORACLE_RESPONSE_SCRIPT -> ORACLE_CONTRACT -> CONTRACT_A evaluation stack and CalledByEntry scope would no longer work for CONTRACT_A.
Expected behavior
Supposedly signer scopes should work the same way they're for original transaction that generated an oracle request (side note: this was never a problem for #1584 design). This can probably be solved with additional request metadata saved by the oracle contract and used by CheckWitness logic.
If I'm a CONTRACT_A user (caller), how do I know when should I use CalledByEntry or CustomContracts? I have no idea what's going on inside of it and usually I'm just using CalledByEntry because it's the simplest thing to do and it works. Until it doesn't.
BTW, this can probably be solved if we're to modify the entry script and finish method. Currently finish invokes callback directly, but it can instead return contract hash, method and arguments to the entry script and then entry script will do the actual call. The only problem is that the contract needs to check if it's invoked by Oracle contract or not, but it still could do that just checking for this well-known entry script hash (it could even be provided by Oracle contract via some method) instead of Oracle contract hash.
A counter-example: Entry -> A -> B -> Oracle with CalledByEntry scope and callback in B.
I have no idea what's going on inside of it and usually I'm just using CalledByEntry because it's the simplest thing to do and it works. Until it doesn't.
We can throw an error detectable for wallets, in order to ask the user if the want to add this contracts to CustomContracts
