Checking Permissions

Mar 12, 2024 11:28:29 PM

Transfer Authentication

The first detail to consider when implementing the transfer method is to check if the transaction is signed by the account that is sending the funds.

authentication is done by checking transaction signers. Use CheckWitness to verify if an account has signed the transaction.

The extension uses the dev1 account when sending transactions.

Using CheckWitness

The CheckWitness method receives the account script hash as a parameter and returns true if the account has signed the transaction. This feature is part of the Runtime interop package.

Witness is a common term in blockchain technology, used to refer to user-generated data that is used to verify the of a transaction.

The following lines of code check if the transaction is signed by the account that is sending the funds:

The system will look for the signature of the from_address account in the transaction. If the signature is not found, the method will return false.

Sending an Invalid Transfer

By default, the extension will sign the transaction using the dev1 account. To make sure the transfer method is checking the transaction signature, we are going to send a transaction signed by a different account.

Run the transfer method by pressing Run. Select the second account as the first parameter and the first account as the second parameter. Set the amount to 100 and press enter.

Note that despite the transaction returning false, the transaction was executed and had a cost. All transactions must pay fees in $GAS, even if the transaction fails.

Making a Valid Transfer

Repeat the test, but now use the dev1 account as the first parameter and dev2 as the second parameter. Set the amount to 100 and press enter.

You should see the following output:

The transaction should return true and the Transfer event should be fired. The transfer is valid because the extension signed the transaction using the dev1 account.

Next, let’s understand the details of the transfer method.