Checking Permissions

Blockchain Authentication

Blockchain authentication is done by checking the transaction signers. The easiest form to check if a transaction is authorized is by using the CheckWitness method. This method returns true if that account has authenticated the transaction. The generation of valid signatures is done outside the smart contract. The smart contract only checks if the transaction is signed by the correct account.

The CheckWitness Method

Checking if an account has signed a transaction is done by using the CheckWitness method. This method receives the account script hash as a parameter and returns a boolean value. This is the simplest way to check if an account has signed a transaction. The CheckWitness method is part of the Runtime interop package.

Adding Transfer Authentication

To validate if the balance transfer is authorized, we need to check if from_address has signed the transaction. To do that, we need to add the following code to the transfer method:

The wallets and other applications are responsible for generating valid signatures. By default, the extension will sign the transaction using the first account from the .

Sending an Invalid Transfer

By default, the extension will sign the transaction using the first account from the wallet. To make sure the transfer method is checking the transaction signature, we are going to send a transaction signed by a different account.

Run the transfer method by pressing Run. Select the second account as the first parameter and the first account as the second parameter. Set the amount to 100 and press enter.

Note that despite the transaction returning false, the transaction was still executed and had a cost. All transactions that are stored on the will have a cost, even if the transaction fails.

To finish the COIN contract and make it compatible with the standard, we need to update the transfer method to check if the recipient is a smart contract. If the recipient is a smart contract, we need to check if the contract implements the onNEP17Payment method. If the method is implemented, we need to call it.