Checking Permissions

Apr 29, 2024 11:46:57 PM

Transfer Authentication

The first detail to consider when implementing the transfer method is to check if the transaction is signed by the that is sending the funds.

authentication is done by checking transaction signers. Use CheckWitness to verify if an account has signed the transaction.

Using CheckWitness

The CheckWitness method receives the as a parameter and returns true if the account has signed the transaction. This feature is part of the Runtime interop package.

Witness is a common term in , used to refer to user-generated data that is used to verify the authenticity of a transaction.

The following lines of code check if the transaction is signed by the account that is sending the funds:

Coin.py

The system will look for the of the from_address account in the transaction. If the signature is not found, the method will return false.

Sending an Invalid Transfer

By default, the extension will sign the transaction using the dev1 account. To make sure the transfer method is checking the transaction signature, we are going to send a transaction signed by a different account.

Run the transfer method by pressing Run. Select the second account as the first parameter and the first account as the second parameter. Set the amount to 100 and press enter.

Note that despite the transaction returning false, the transaction was executed and had a cost. All transactions must pay fees in $GAS, even if the transaction fails.

Making a Valid Transfer

Repeat the test, but now use the dev1 account as the first parameter and dev2 as the second parameter. Set the amount to 100 and press enter.

You should see the following output:

The transaction should return true and the Transfer event should be fired. The transfer is valid because the extension signed the transaction using the dev1 account.

Next, let’s understand the details of the transfer method.