Blockchain authentication is done by checking the transaction signers. The easiest form to check if a transaction is authorized is by using the
CheckWitness method. This method returns
true if that account has authenticated the transaction. The generation of valid signatures is done outside the smart contract. The smart contract only checks if the transaction is signed by the correct account.
The CheckWitness Method
Checking if an account has signed a transaction is done by using the
CheckWitness method. This method receives the account script hash as a parameter and returns a boolean value. This is the simplest way to check if an account has signed a transaction.
CheckWitness method is part of the
Runtime interop package.
Adding Transfer Authentication
To validate if the balance transfer is authorized, we need to check if
from_address has signed the transaction. To do that, we need to add the following code to the
The wallets and other applications are responsible for generating valid signatures. By default, the extension will sign the transaction using the first account from the .
Sending an Invalid Transfer
By default, the extension will sign the transaction using the first account from the wallet. To make sure the
transfer method is checking the transaction signature, we are going to send a transaction signed by a different account.
transfer method by pressing
Run. Select the second account as the first parameter and the first account as the second parameter. Set the amount to 100 and press enter.
Note that despite the transaction returning
false, the transaction was still executed and had a cost. All transactions that are stored on the
will have a cost, even if the transaction fails.
To finish the
COIN contract and make it compatible with the
standard, we need to update the
transfer method to check if the recipient is a smart contract. If the recipient is a smart contract, we need to check if the contract implements the
onNEP17Payment method. If the method is implemented, we need to call it.