-
Notifications
You must be signed in to change notification settings - Fork 4
'Fake tokens' problem description
A 'fake tokens' problem was discovered and repaired for the Assets CC contract.
The Assets CC contract was developed for creating tokens representing some assets value. A user may create some amount of tokens sending some value from his normal inputs to his cryptocondition address. This txid becomes token id and it is put into opretun vout. Further these tokens maybe sent to other cc addresses. It is important that total token value is unchanged and no additional tokens are added from other normal UXTOs or no tokens are leaked.
It is found that if, after creating tokens, someone sends some value from normal inputs to some Assets contract cc address and formats opreturn in appropriate way then the Assets contract validation code would not prevent this value from spending (without some additional validation algorithm) - see the picture.
For simplification of solving this problem (the problem's localization) the Assets contract has been split into Tokens and Assets contracts. The Tokens contract is the place where all tokens live and in the Assets contract current DEX functionality remains. Other contracts working with tokens are also supposed to use this new Tokens contract.
The fake token detection algorithm is added to Tokens contract validation code.
Its purpose is to provide that for tx being validated all input transactions' token vouts are also only fed from token inputs. For this it selects all validated transaction's cc vins with token eval code, loads corresponding incoming transactions (vintx) and validates that for each vintx sum of its token vouts is equal to sum of token inputs. The validation algorithm is depicted on the picture below:
The initial token creation tx is treated as the special case.
If a fake tx (that is a tx for which token inputs != token outputs) is found among the validated transaction's vintx during the validation, the validated transaction is invalidated. Token rpc functions creating token transactions simply ignore such fake uxto, not adding them as cc inputs.