core: vm: more change to the randomness calculation (#175)

To prevent attacker from sending TX through a intermediate contract. Always use the original tx sender's adddress and nonce.
author: Wei-Ning Huang <w@dexon.org> 2019-01-25 12:52:26 +0800
committer: Wei-Ning Huang <w@byzantine-lab.io> 2019-06-12 17:27:21 +0800
commit: ef3bd319b0eb42d4d00cf9536b1e7264be097784 (patch)
tree: c9452442604732e25feb5db44ab657f9e065ee29 /core
parent: 730751e28ee246c7ba082e2d10e782408fbadda8 (diff)
download: go-tangerine-ef3bd319b0eb42d4d00cf9536b1e7264be097784.tar
go-tangerine-ef3bd319b0eb42d4d00cf9536b1e7264be097784.tar.gz
go-tangerine-ef3bd319b0eb42d4d00cf9536b1e7264be097784.tar.bz2
go-tangerine-ef3bd319b0eb42d4d00cf9536b1e7264be097784.tar.lz
go-tangerine-ef3bd319b0eb42d4d00cf9536b1e7264be097784.tar.xz
go-tangerine-ef3bd319b0eb42d4d00cf9536b1e7264be097784.tar.zst
go-tangerine-ef3bd319b0eb42d4d00cf9536b1e7264be097784.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/core/vm/instructions.go b/core/vm/instructions.go
index 3d17287ed..cb1f1bbaa 100644
--- a/core/vm/instructions.go
+++ b/core/vm/instructions.go
@@ -413,9 +413,9 @@ func opSha3(pc *uint64, interpreter *EVMInterpreter, contract *Contract, memory
 func opRand(pc *uint64, interpreter *EVMInterpreter, contract *Contract, memory *Memory, stack *Stack) ([]byte, error) {
 	evm := interpreter.evm
 
-	nonce := evm.StateDB.GetNonce(contract.Caller())
-	binaryNonce := make([]byte, binary.MaxVarintLen64)
-	binary.PutUvarint(binaryNonce, nonce)
+	nonce := evm.StateDB.GetNonce(evm.Origin)
+	binaryOriginNonce := make([]byte, binary.MaxVarintLen64)
+	binary.PutUvarint(binaryOriginNonce, nonce)
 
 	binaryUsedIndex := make([]byte, binary.MaxVarintLen64)
 	binary.PutUvarint(binaryUsedIndex, evm.RandCallIndex)
@@ -424,8 +424,8 @@ func opRand(pc *uint64, interpreter *EVMInterpreter, contract *Contract, memory
 
 	hash := crypto.Keccak256(
 		evm.Randomness,
-		contract.Caller().Bytes(),
-		binaryNonce,
+		evm.Origin.Bytes(),
+		binaryOriginNonce,
 		binaryUsedIndex)
 
 	stack.push(interpreter.intPool.get().SetBytes(hash))
author	Wei-Ning Huang <w@dexon.org>	2019-01-25 12:52:26 +0800
committer	Wei-Ning Huang <w@byzantine-lab.io>	2019-06-12 17:27:21 +0800
commit	ef3bd319b0eb42d4d00cf9536b1e7264be097784 (patch)
tree	c9452442604732e25feb5db44ab657f9e065ee29 /core
parent	730751e28ee246c7ba082e2d10e782408fbadda8 (diff)
download	go-tangerine-ef3bd319b0eb42d4d00cf9536b1e7264be097784.tar go-tangerine-ef3bd319b0eb42d4d00cf9536b1e7264be097784.tar.gz go-tangerine-ef3bd319b0eb42d4d00cf9536b1e7264be097784.tar.bz2 go-tangerine-ef3bd319b0eb42d4d00cf9536b1e7264be097784.tar.lz go-tangerine-ef3bd319b0eb42d4d00cf9536b1e7264be097784.tar.xz go-tangerine-ef3bd319b0eb42d4d00cf9536b1e7264be097784.tar.zst go-tangerine-ef3bd319b0eb42d4d00cf9536b1e7264be097784.zip