diff --git a/libraries/chain/apply_context.cpp b/libraries/chain/apply_context.cpp
index d6e04159e8782c3c61c424a80237088024bbd82b..0656be06a2d55ddb8d10cae35d258edfd9c6e3cc 100644
--- a/libraries/chain/apply_context.cpp
+++ b/libraries/chain/apply_context.cpp
@@ -194,6 +194,19 @@ void apply_context::require_recipient( account_name recipient ) {
 * can better understand the security risk.
 */
 void apply_context::execute_inline( action&& a ) {
+ auto* code = control.db().find(a.account);
+ EOS_ASSERT( code != nullptr, action_validate_exception,
+ "inline action's code account ${account} does not exist", ("account", a.account) );
+
+ for( const auto& auth : a.authorization ) {
+ auto* actor = control.db().find(auth.actor);
+ EOS_ASSERT( actor != nullptr, action_validate_exception,
+ "inline action's authorizing actor ${account} does not exist", ("account", auth.actor) );
+ EOS_ASSERT( control.get_authorization_manager().find_permission(auth) != nullptr, action_validate_exception,
+ "inline action's authorizations include a non-existent permission: {permission}",
+ ("permission", auth) );
+ }
+
 if ( !privileged ) {
 if( a.account != receiver ) { // if a contract is calling itself then there is no need to check permissions
 const auto delay = control.limit_delay( control.get_authorization_manager()
@@ -214,7 +227,13 @@ void apply_context::execute_inline( action&& a ) {
 }
 void apply_context::execute_context_free_inline( action&& a ) {
- FC_ASSERT( a.authorization.size() == 0, "context free actions cannot have authorizations" );
+ auto* code = control.db().find(a.account);
+ EOS_ASSERT( code != nullptr, action_validate_exception,
+ "inline action's code account ${account} does not exist", ("account", a.account) );
+
+ EOS_ASSERT( a.authorization.size() == 0, action_validate_exception,
+ "context-free actions cannot have authorizations" );
+
 _cfa_inline_actions.emplace_back( move(a) );
 }
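Review bot: The last message in the new authorization loop of execute_inline writes `{permission}` without the leading `$`, unlike the `${account}` placeholders in the two assertions above it, so the failing permission is presumably emitted as literal text instead of being substituted. Change that line to `"inline action's authorizations include a non-existent permission: ${permission}",` so the rejected actor/permission pair shows up in the error. The same string is added in validate_referenced_accounts in controller.cpp and needs the same correction. The body of execute_inline continues past the end of this hunk.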
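Review bot: The code-account assertion in execute_context_free_inline reuses the exact message text of the one in execute_inline, so an error log or a returned exception cannot show which of the two dispatch paths rejected the action. Wording it as `"context-free inline action's code account ${account} does not exist"` keeps the two failures distinguishable when triaging a rejected transaction. The check itself and the switch to `action_validate_exception` look consistent with the first hunk.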
diff --git a/libraries/chain/controller.cpp b/libraries/chain/controller.cpp
index 8d68883522756c54a5301973f197a7b12c47d164..ded35379de4d57535a43228e25f1d0668e978cea 100644
--- a/libraries/chain/controller.cpp
+++ b/libraries/chain/controller.cpp
@@ -1302,15 +1302,25 @@ fc::microseconds controller::limit_delay( fc::microseconds delay )const {
 void controller::validate_referenced_accounts( const transaction& trx )const {
 for( const auto& a : trx.context_free_actions ) {
- get_account( a.account );
- FC_ASSERT( a.authorization.size() == 0 );
+ auto* code = my->db.find(a.account);
+ EOS_ASSERT( code != nullptr, transaction_exception,
+ "action's code account ${account} does not exist", ("account", a.account) );
+ EOS_ASSERT( a.authorization.size() == 0, transaction_exception,
+ "context-free actions cannot have authorizations" );
 }
 bool one_auth = false;
 for( const auto& a : trx.actions ) {
- get_account( a.account );
+ auto* code = my->db.find(a.account);
+ EOS_ASSERT( code != nullptr, transaction_exception,
+ "action's code account ${account} does not exist", ("account", a.account) );
 for( const auto& auth : a.authorization ) {
 one_auth = true;
- get_account( auth.actor );
+ auto* actor = my->db.find(auth.actor);
+ EOS_ASSERT( actor != nullptr, transaction_exception,
+ "action's authorizing actor ${account} does not exist", ("account", auth.actor) );
+ EOS_ASSERT( my->authorization.find_permission(auth) != nullptr, transaction_exception,
+ "action's authorizations include a non-existent permission: {permission}",
+ ("permission", auth) );
 }
 }
 EOS_ASSERT( one_auth, tx_no_auths, "transaction must have at least one authorization" );
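Review bot: All of the new assertions in validate_referenced_accounts throw the broad `transaction_exception`, while the unchanged final check in the same function uses the specific `tx_no_auths`, so a caller cannot tell an unknown code account, an unknown actor and a missing permission apart by exception type. If the exception hierarchy has narrower types for these cases, using them here would match the existing check. Failing that, a comment above the function would at least document the contract, for example `// Throws transaction_exception if a referenced code account, actor or permission does not exist; tx_no_auths if no action carries an authorization.` The end of the function lies outside this hunk.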