core: vm: modify randomness calculation algorithm (#173)

The original algorithm used for calculating algorithm is vulnerable to
cross context re-entry attack. Example as follows:

    contract B {
      event Value(uint256 value);
      uint256 public value;
      function call() public {
        value = rand;
        emit Value(value);
      }
    }
    contract A {
      function randTwice(address bAddr) public {
         B b = B(bAddr);
         b.call.gas(100000)();
         b.call.gas(100000)();
      }
    }

The two `b.call` will result in the same randomness value. This commit
fix the issue by recording a called index used to store how many times
opRand is called, and use it as argument to the Keccak call.

0 files changed, 0 insertions, 0 deletions