Merge pull request #1969 from larryk85/feature/stricter_auth_checks

Feature/stricter auth checks

contracts/asserter/asserter.cpp

@@ -12,6 +12,7 @@ static int global_variable = 45;
 extern "C" {
     /// The apply method implements the dispatch of events to this contract
     void apply( uint64_t receiver, uint64_t code, uint64_t action ) {
+       require_auth(code);
        if( code == N(asserter) ) {
           if( action == N(procassert) ) {
              assertdef check;

contracts/eosio.bios/eosio.bios.hpp

@@ -23,6 +23,7 @@ namespace eosio {
          }
 
          void setprods( producer_schedule sch ) {
+            require_auth( _self );
             char buffer[action_data_size()];
             read_action_data( buffer, sizeof(buffer) );
             set_active_producers(buffer, sizeof(buffer));

contracts/eosiolib/currency.hpp

@@ -193,6 +193,7 @@ namespace eosio {
           }
 
           void on( const transfer& t ) {
+             require_auth(t.from);
              auto sym = t.quantity.symbol.name();
              stats statstable( _contract, sym );
              const auto& st = statstable.get( sym );

contracts/multi_index_test/multi_index_test.cpp

@@ -171,6 +171,7 @@ namespace multi_index_test {
    extern "C" {
       /// The apply method implements the dispatch of events to this contract
       void apply( uint64_t receiver, uint64_t code, uint64_t action ) {
+         require_auth(code);
          eosio_assert(eosio::dispatch<multi_index_test, multi_index_test::trigger>(code, action),
                       "Could not dispatch");
       }

contracts/proxy/proxy.cpp

@@ -58,6 +58,7 @@ namespace proxy {
 
    void apply_setowner(uint64_t receiver, set_owner params) {
       const auto self = receiver;
+      require_auth(params.owner);
       config code_config;
       configs::get(code_config, self);
       code_config.owner = params.owner;

contracts/test_api/test_action.cpp

@@ -156,6 +156,10 @@ void test_action::assert_true() {
    eosio_assert(true, "test_action::assert_true");
 }
 
+void test_action::assert_true_cf() {
+   eosio_assert(true, "test_action::assert_true");
+}
+
 void test_action::test_abort() {
    abort();
    eosio_assert( false, "should've aborted" );

contracts/test_api/test_api.cpp

@@ -19,9 +19,15 @@
 #include "test_permission.cpp"
 
 extern "C" {
-
    void apply( uint64_t receiver, uint64_t code, uint64_t action ) {
-      //eosio::print("==> CONTRACT: ", code, " ", action, "\n");
+      if ( action == N(cf_action) ) {
+         test_action::test_cf_action();
+         return;
+      }
+      WASM_TEST_HANDLER(test_action, assert_true_cf);
+
+      require_auth(code);
+
       //test_types
       WASM_TEST_HANDLER(test_types, types_size);
       WASM_TEST_HANDLER(test_types, char_to_symbol);
@@ -62,11 +68,7 @@ extern "C" {
       if ( action == N(dummy_action) ) {
          test_action::test_dummy_action();
          return;
-      } else if ( action == N(cf_action) ) {
-         test_action::test_cf_action();
-         return;
-      }
-
+      } 
       //test_print
       WASM_TEST_HANDLER(test_print, test_prints);
       WASM_TEST_HANDLER(test_print, test_prints_l);
@@ -150,15 +152,6 @@ extern "C" {
       WASM_TEST_HANDLER(test_checktime, checktime_pass);
       WASM_TEST_HANDLER(test_checktime, checktime_failure);
 
-/*      
-      // test softfloat
-      WASM_TEST_HANDLER(test_softfloat, test_f32_add);
-      WASM_TEST_HANDLER(test_softfloat, test_f32_sub);
-      WASM_TEST_HANDLER(test_softfloat, test_f32_mul);
-      WASM_TEST_HANDLER(test_softfloat, test_f32_div);
-      WASM_TEST_HANDLER(test_softfloat, test_f32_min);
-*/
-
       // test permission
       WASM_TEST_HANDLER_EX(test_permission, check_authorization);
 

contracts/test_api/test_api.hpp

@@ -102,6 +102,7 @@ struct test_action {
   static void require_auth();
   static void assert_false();
   static void assert_true();
+  static void assert_true_cf();
   static void now();
   static void test_abort() __attribute__ ((noreturn)) ;
   static void test_current_receiver(uint64_t receiver, uint64_t code, uint64_t action);

contracts/test_api/test_transaction.cpp

@@ -278,7 +278,7 @@ void test_transaction::read_inline_action() {
 
 void test_transaction::read_inline_cf_action() {
    using namespace eosio;
-   using dummy_act_t = test_dummy_action<N(testapi), WASM_TEST_ACTION("test_action","assert_true")>;
+   using dummy_act_t = test_dummy_action<N(testapi), WASM_TEST_ACTION("test_action","assert_true_cf")>;
 
    char buffer[64];
    auto res = get_action( 2, 0, buffer, 64);

contracts/test_api_db/test_api_db.cpp

@@ -8,13 +8,8 @@
 #include "test_db.cpp"
 
 extern "C" {
-
-    void init()  {
-
-    }
-
    void apply( uint64_t receiver, uint64_t code, uint64_t action ) {
-
+      require_auth(code); 
       WASM_TEST_HANDLER_EX(test_db, primary_i64_general);
       WASM_TEST_HANDLER_EX(test_db, primary_i64_lowerbound);
       WASM_TEST_HANDLER_EX(test_db, primary_i64_upperbound);

contracts/test_api_mem/test_api_mem.cpp

@@ -9,14 +9,8 @@
 #include "test_memory.cpp"
 
 extern "C" {
-
-    void init()  {
-
-    }
-
    void apply( uint64_t receiver, uint64_t code, uint64_t action ) {
-
-      //eosio::print("==> CONTRACT: ", code, " ", action, "\n");
+      require_auth(code);
 
       //test_extended_memory
       WASM_TEST_HANDLER(test_extended_memory, test_initial_buffer);

contracts/test_api_multi_index/test_api_multi_index.cpp

@@ -8,8 +8,9 @@
 #include "test_multi_index.cpp"
 
 extern "C" {
-   void apply( uint64_t receiver, uint64_t code, uint64_t action ) {
 
+   void apply( uint64_t receiver, uint64_t code, uint64_t action ) {
+      require_auth(code);
       WASM_TEST_HANDLER_EX(test_multi_index, idx64_general);
       WASM_TEST_HANDLER_EX(test_multi_index, idx64_store_only);
       WASM_TEST_HANDLER_EX(test_multi_index, idx64_check_without_storing);

libraries/chain/apply_context.cpp

@@ -16,7 +16,6 @@ void apply_context::exec_one()
    try {
       const auto &a = mutable_controller.get_database().get<account_object, by_name>(receiver);
       privileged = a.privileged;
-
       auto native = mutable_controller.find_apply_handler(receiver, act.account, act.name);
       if (native) {
          (*native)(*this);
@@ -121,20 +120,47 @@ bool apply_context::is_account( const account_name& account )const {
    return nullptr != db.find<account_object,by_name>( account );
 }
 
-void apply_context::require_authorization( const account_name& account )const {
-  EOS_ASSERT( has_authorization(account), tx_missing_auth, "missing authority of ${account}", ("account",account));
+bool apply_context::all_authorizations_used()const {
+   for ( bool has_auth : used_authorizations ) {
+      if ( !has_auth )
+         return false;
+   }
+   return true;
 }
+
+vector<permission_level> apply_context::unused_authorizations()const {
+   vector<permission_level> ret_auths;
+   for ( uint32_t i=0; i < act.authorization.size(); i++ )
+      if ( !used_authorizations[i] )
+         ret_auths.push_back( act.authorization[i] );
+   return ret_auths;
+}
+
+void apply_context::require_authorization( const account_name& account ) {
+   for( uint32_t i=0; i < act.authorization.size(); i++ ) {
+     if( act.authorization[i].actor == account ) {
+        used_authorizations[i] = true;
+        return;
+     }
+   }
+   EOS_ASSERT( false, tx_missing_auth, "missing authority of ${account}", ("account",account));
+}
+
 bool apply_context::has_authorization( const account_name& account )const {
-  for( const auto& auth : act.authorization )
-     if( auth.actor == account ) return true;
+   for( const auto& auth : act.authorization )
+     if( auth.actor == account )
+        return true;
   return false;
 }
 
 void apply_context::require_authorization(const account_name& account,
-                                          const permission_name& permission)const {
-  for( const auto& auth : act.authorization )
-     if( auth.actor == account ) {
-        if( auth.permission == permission ) return;
+                                          const permission_name& permission) {
+  for( uint32_t i=0; i < act.authorization.size(); i++ )
+     if( act.authorization[i].actor == account ) {
+        if( act.authorization[i].permission == permission ) {
+           used_authorizations[i] = true;
+           return;
+        }
      }
   EOS_ASSERT( false, tx_missing_auth, "missing authority of ${account}/${permission}",
               ("account",account)("permission",permission) );

libraries/chain/chain_controller.cpp

@@ -449,7 +449,7 @@ transaction chain_controller::_get_on_block_transaction()
 void chain_controller::_apply_on_block_transaction()
 {
    _pending_block_trace->implicit_transactions.emplace_back(_get_on_block_transaction());
-   transaction_metadata mtrx(packed_transaction(_pending_block_trace->implicit_transactions.back()), get_chain_id(), head_block_time());
+   transaction_metadata mtrx(packed_transaction(_pending_block_trace->implicit_transactions.back()), get_chain_id(), head_block_time(), true /*is implicit*/);
    _push_transaction(std::move(mtrx));
 }
 
@@ -734,14 +734,20 @@ void chain_controller::__apply_block(const signed_block& next_block)
 
    block_trace next_block_trace(next_block);
 
-   /// cache the input tranasction ids so that they can be looked up when executing the
+   /// cache the input transaction ids so that they can be looked up when executing the
    /// summary
    vector<transaction_metadata> input_metas;
-   input_metas.reserve(next_block.input_transactions.size() + 1);
+   // add all implicit transactions
    {
       next_block_trace.implicit_transactions.emplace_back(_get_on_block_transaction());
-      input_metas.emplace_back(packed_transaction(next_block_trace.implicit_transactions.back()), get_chain_id(), head_block_time());
    }
+
+   input_metas.reserve(next_block.input_transactions.size() + next_block_trace.implicit_transactions.size());
+   
+   for ( const auto& t : next_block_trace.implicit_transactions ) {
+      input_metas.emplace_back(packed_transaction(t), get_chain_id(), head_block_time(), true /*implicit*/);
+   }
+
    map<transaction_id_type,size_t> trx_index;
    for( const auto& t : next_block.input_transactions ) {
       input_metas.emplace_back(t, chain_id_type(), next_block.timestamp);
@@ -806,15 +812,19 @@ void chain_controller::__apply_block(const signed_block& next_block)
                   } else {
                      const auto* gtrx = _db.find<generated_transaction_object,by_trx_id>(receipt.id);
                      if (gtrx != nullptr) {
+                        ilog( "defer" );
                         auto trx = fc::raw::unpack<deferred_transaction>(gtrx->packed_trx.data(), gtrx->packed_trx.size());
                         FC_ASSERT( trx.execute_after <= head_block_time() , "deffered transaction executed prematurely" );
                         _temp.emplace(trx, gtrx->published, trx.sender, trx.sender_id, gtrx->packed_trx.data(), gtrx->packed_trx.size() );
                         _destroy_generated_transaction(*gtrx);
                         return &*_temp;
                      } else {
-                        const auto& mtrx = input_metas[0];
-                        FC_ASSERT(mtrx.id == receipt.id, "on-block transaction id mismatch");
-                        return &input_metas[0];
+                        ilog( "implicit" );
+                        for ( size_t i=0; i < next_block_trace.implicit_transactions.size(); i++ ) {
+                           if ( input_metas[i].id == receipt.id )
+                              return &input_metas[i];
+                        }
+                        FC_ASSERT(false, "implicit transaction not found ${trx}", ("trx", receipt));
                      }
                   }
                };
@@ -1799,24 +1809,29 @@ static void log_handled_exceptions(const transaction& trx) {
 transaction_trace chain_controller::__apply_transaction( transaction_metadata& meta ) 
 { try {
    transaction_trace result(meta.id);
+   EOS_ASSERT( !meta.trx().actions.empty(), tx_no_action, "transactions require at least one context-aware action" );
+   // first check for at least one authorization
+   bool has_auth = false;
+   for (const auto& act : meta.trx().actions)
+      has_auth |= !act.authorization.empty();
+
+   EOS_ASSERT( has_auth, tx_no_auths, "transactions require at least one authorization" );
 
    validate_transaction( meta.trx() );
 
    for (const auto &act : meta.trx().context_free_actions) {
-      FC_ASSERT( act.authorization.size() == 0, "context free actions cannot require authorization" );
+      EOS_ASSERT( act.authorization.empty(), cfa_irrelevant_auth, "context-free actions cannot require authorization" );
       apply_context context(*this, _db, act, meta);
       context.context_free = true;
       context.exec();
       fc::move_append(result.action_traces, std::move(context.results.applied_actions));
       FC_ASSERT( result.deferred_transaction_requests.size() == 0 );
    }
-
+   
    for (const auto &act : meta.trx().actions) {
       apply_context context(*this, _db, act, meta);
       context.exec();
-      context.used_context_free_api |= act.authorization.size();
-
-      FC_ASSERT( context.used_context_free_api, "action did not reference database state, it should be moved to context_free_actions", ("act",act) );
+      context.results.applied_actions.back().auths_used = act.authorization.size() - context.unused_authorizations().size();
       fc::move_append(result.action_traces, std::move(context.results.applied_actions));
       fc::move_append(result.deferred_transaction_requests, std::move(context.results.deferred_transaction_requests));
    }
@@ -1836,6 +1851,12 @@ transaction_trace chain_controller::_apply_transaction( transaction_metadata& me
          temp_session.squash();
          return result;
       } catch (...) {
+         if (meta.is_implicit) {
+            transaction_trace result(meta.id);
+            result.status = transaction_trace::hard_fail;
+            return result;
+         }
+
          // if there is no sender, there is no error handling possible, rethrow
          if (!meta.sender) {
             throw;

libraries/chain/contracts/chain_initializer.cpp

@@ -34,7 +34,6 @@ void chain_initializer::register_types(chain_controller& chain, chainbase::datab
 
 #define SET_APP_HANDLER( contract, scope, action, nspace ) \
    chain._set_apply_handler( #contract, #scope, #action, &BOOST_PP_CAT(contracts::apply_, BOOST_PP_CAT(contract, BOOST_PP_CAT(_,action) ) ) )
-
    SET_APP_HANDLER( eosio, eosio, newaccount, eosio );
    SET_APP_HANDLER( eosio, eosio, setcode, eosio );
    SET_APP_HANDLER( eosio, eosio, setabi, eosio );

libraries/chain/contracts/eosio_contract.cpp

@@ -99,12 +99,10 @@ void apply_eosio_newaccount(apply_context& context) {
 
 } FC_CAPTURE_AND_RETHROW( (create) ) }
 
-
 void apply_eosio_setcode(apply_context& context) {
    auto& db = context.mutable_db;
    auto& resources = context.mutable_controller.get_mutable_resource_limits_manager();
    auto  act = context.act.data_as<setcode>();
-
    context.require_authorization(act.account);
    context.require_write_lock( config::eosio_auth_scope );
 

libraries/chain/include/eosio/chain/apply_context.hpp

@@ -10,6 +10,7 @@
 #include <fc/utility.hpp>
 #include <sstream>
 #include <algorithm>
+#include <set>
 
 namespace chainbase { class database; }
 
@@ -477,9 +478,9 @@ class apply_context {
        *
        * @throws tx_missing_auth If no sufficient permission was found
        */
-      void require_authorization(const account_name& account)const;
-      bool has_authorization(const account_name& account)const;
-      void require_authorization(const account_name& account, const permission_name& permission)const;
+      void require_authorization(const account_name& account);
+      bool has_authorization(const account_name& account) const;
+      void require_authorization(const account_name& account, const permission_name& permission);
       void require_write_lock(const scope_name& scope);
       void require_read_lock(const account_name& account, const scope_name& scope);
 

libraries/chain/include/eosio/chain/contracts/eos_contract.hpp

@@ -14,8 +14,7 @@ namespace eosio { namespace chain { namespace contracts {
     * @defgroup native_action_handlers Native Action Handlers
     */
    ///@{
-   void apply_eosio_newaccount(apply_context& context);
-
+   void apply_eosio_newaccount(apply_context&);
    void apply_eosio_updateauth(apply_context&);
    void apply_eosio_deleteauth(apply_context&);
    void apply_eosio_linkauth(apply_context&);

libraries/chain/include/eosio/chain/exceptions.hpp

@@ -64,6 +64,10 @@ namespace eosio { namespace chain {
    FC_DECLARE_DERIVED_EXCEPTION( tx_empty_cycle,                    eosio::chain::transaction_exception, 3030028, "Transaction contains an empty cycle" )
    FC_DECLARE_DERIVED_EXCEPTION( tx_empty_shard,                    eosio::chain::transaction_exception, 3030029, "Transaction contains an empty shard" )
    FC_DECLARE_DERIVED_EXCEPTION( tx_receipt_inconsistent_status,    eosio::chain::transaction_exception, 3030030, "Transaction receipt applied status does not match received status" )
+   FC_DECLARE_DERIVED_EXCEPTION( cfa_irrelevant_auth,               eosio::chain::transaction_exception, 3030031, "context-free action should have no required authority" )
+   FC_DECLARE_DERIVED_EXCEPTION( tx_no_action,                      eosio::chain::transaction_exception, 3030032, "transaction should have at least one normal action" )
+   FC_DECLARE_DERIVED_EXCEPTION( tx_no_auths,                       eosio::chain::transaction_exception, 3030033, "transaction should have at least one required authority" )
+
 
    FC_DECLARE_DERIVED_EXCEPTION( account_name_exists_exception,     eosio::chain::action_validate_exception, 3040001, "account name already exists" )
    FC_DECLARE_DERIVED_EXCEPTION( invalid_action_args_exception,       eosio::chain::action_validate_exception, 3040002, "Invalid Action Arguments" )

libraries/chain/include/eosio/chain/transaction_metadata.hpp

@@ -24,7 +24,7 @@ class transaction_metadata {
          ,_trx(&t)
       {}
 
-      transaction_metadata( const packed_transaction& t, chain_id_type chainid, const time_point& published );
+      transaction_metadata( const packed_transaction& t, chain_id_type chainid, const time_point& published, bool implicit=false );
 
       transaction_metadata( transaction_metadata && ) = default;
       transaction_metadata& operator= (transaction_metadata &&) = default;
@@ -54,6 +54,9 @@ class transaction_metadata {
       size_t                                raw_size = 0;
 
       vector<char>                          packed_trx;
+      
+      // is this transaction implicit
+      bool                                  is_implicit = false; 
 
       // scopes available to this transaction if we are applying a block
       optional<const vector<shard_lock>*>   allowed_read_locks;
@@ -77,3 +80,4 @@ class transaction_metadata {
 
 } } // eosio::chain
 
+FC_REFLECT( eosio::chain::transaction_metadata, (raw_trx)(signing_keys)(id)(region_id)(cycle_index)(shard_index)(bandwidth_usage)(published)(sender)(sender_id)(is_implicit))

libraries/chain/include/eosio/chain/transaction_trace.hpp

@@ -33,6 +33,7 @@ namespace eosio { namespace chain {
       uint32_t                   region_id;
       uint32_t                   cycle_index;
       vector<data_access_info>   data_access;
+      uint32_t                   auths_used;
 
       fc::microseconds           _profiling_us = fc::microseconds(0);
    };

libraries/chain/transaction_metadata.cpp

@@ -4,7 +4,7 @@
 
 namespace eosio { namespace chain {
 
-transaction_metadata::transaction_metadata( const packed_transaction& t, chain_id_type chainid, const time_point& published )
+transaction_metadata::transaction_metadata( const packed_transaction& t, chain_id_type chainid, const time_point& published, bool implicit )
    :raw_trx(t.get_raw_transaction())
    ,decompressed_trx(fc::raw::unpack<transaction>(*raw_trx))
    ,context_free_data(t.context_free_data)
@@ -13,6 +13,7 @@ transaction_metadata::transaction_metadata( const packed_transaction& t, chain_i
    ,published(published)
    ,raw_data(raw_trx->data())
    ,raw_size(raw_trx->size())
+   ,is_implicit(implicit)
 { }
 
 digest_type transaction_metadata::calculate_transaction_merkle_root( const vector<transaction_metadata>& metas ) {
@@ -26,4 +27,4 @@ digest_type transaction_metadata::calculate_transaction_merkle_root( const vecto
    return merkle( std::move(ids) );
 }
 
-} } // eosio::chain
\ No newline at end of file
+} } // eosio::chain

libraries/chain/wasm_interface.cpp

@@ -1555,7 +1555,7 @@ REGISTER_INTRINSICS(apply_context,
    (require_write_lock,    void(int64_t)          )
    (require_read_lock,     void(int64_t, int64_t) )
    (require_recipient,     void(int64_t)          )
-   (require_authorization, void(int64_t), "require_auth", void(apply_context::*)(const account_name&)const)
+   (require_authorization, void(int64_t), "require_auth", void(apply_context::*)(const account_name&))
    (has_authorization,     int(int64_t), "has_auth", bool(apply_context::*)(const account_name&)const)
    (is_account,            int(int64_t)           )
 );

tests/api_tests/api_tests.cpp

@@ -166,6 +166,7 @@ transaction_trace CallFunction(TESTER& test, T ac, const vector<char>& data, con
 
       action act(pl, ac);
       act.data = data;
+      act.authorization = {{N(testapi), config::active_name}};
       trx.actions.push_back(act);
 
       test.set_transaction_headers(trx, test.DEFAULT_EXPIRATION_DELTA, extra_cf_cpu_usage );
@@ -350,15 +351,17 @@ BOOST_FIXTURE_TEST_CASE(action_tests, TESTER) { try {
       auto dat = fc::raw::pack(a3a4);
       vector<char>& dest = *(vector<char> *)(&act.data);
       std::copy(dat.begin(), dat.end(), std::back_inserter(dest));
+      act.authorization = {{N(testapi), config::active_name}, {N(acc3), config::active_name}, {N(acc4), config::active_name}};
       trx.actions.push_back(act);
 
       set_transaction_headers(trx);
+		trx.sign(get_private_key(N(testapi), "active"), chain_id_type());
 		trx.sign(get_private_key(N(acc3), "active"), chain_id_type());
 		trx.sign(get_private_key(N(acc4), "active"), chain_id_type());
 		auto res = push_transaction(trx);
 		BOOST_CHECK_EQUAL(res.status, transaction_receipt::executed);
    }
-
+   
    uint32_t now = control->head_block_time().sec_since_epoch();
    CALL_TEST_FUNCTION( *this, "test_action", "now", fc::raw::pack(now));
 
@@ -403,9 +406,16 @@ BOOST_FIXTURE_TEST_CASE(cf_action_tests, TESTER) { try {
       produce_blocks(1000);
       set_code( N(testapi), test_api_wast );
       produce_blocks(1);
-
       cf_action cfa;
       signed_transaction trx;
+      set_transaction_headers(trx);
+      // need at least one normal action
+      BOOST_CHECK_EXCEPTION(push_transaction(trx), tx_no_action,
+                            [](const fc::assert_exception& e) {
+                               return expect_assert_message(e, "transactions require at least one context-aware action");
+                            }
+      );
+
       action act({}, cfa);
       trx.context_free_actions.push_back(act);
       trx.context_free_data.emplace_back(fc::raw::pack<uint32_t>(100)); // verify payload matches context free data
@@ -451,30 +461,34 @@ BOOST_FIXTURE_TEST_CASE(cf_action_tests, TESTER) { try {
                                return expect_assert_message(e, "may only be called from context_free");
                             }
       );
+      {
+         // back to normal action
+         action act1(pl, da);
+         signed_transaction trx;
+         trx.context_free_actions.push_back(act);
+         trx.context_free_data.emplace_back(fc::raw::pack<uint32_t>(100)); // verify payload matches context free data
+         trx.context_free_data.emplace_back(fc::raw::pack<uint32_t>(200));
+         
+         trx.actions.push_back(act1);
+         // attempt to access non context free api
+         for (uint32_t i = 200; i <= 204; ++i) {
+            trx.context_free_actions.clear();
+            trx.context_free_data.clear();
+            cfa.payload = i;
+            cfa.cfd_idx = 1;
+            action cfa_act({}, cfa);
+            trx.context_free_actions.emplace_back(cfa_act);
+            trx.signatures.clear();
+            set_transaction_headers(trx);
+            sigs = trx.sign(get_private_key(N(testapi), "active"), chain_id_type());
+            BOOST_CHECK_EXCEPTION(push_transaction(trx), transaction_exception,
+                 [](const fc::exception& e) {
+                    return expect_assert_message(e, "context_free: only context free api's can be used in this context");
+                 }
+            );
+         }
 
-      // back to normal action
-      trx.signatures.clear();
-      trx.actions.clear();
-      trx.actions.push_back(act1);
-
-      // attempt to access non context free api
-      for (uint32_t i = 200; i <= 204; ++i) {
-         trx.context_free_actions.clear();
-         trx.context_free_data.clear();
-         cfa.payload = i;
-         cfa.cfd_idx = 1;
-         action cfa_act({}, cfa);
-         trx.context_free_actions.emplace_back(cfa_act);
-         trx.signatures.clear();
-         set_transaction_headers(trx);
-         sigs = trx.sign(get_private_key(N(testapi), "active"), chain_id_type());
-         BOOST_CHECK_EXCEPTION(push_transaction(trx), transaction_exception,
-              [](const fc::exception& e) {
-                 return expect_assert_message(e, "context_free: only context free api's can be used in this context");
-              }
-         );
       }
-
       produce_block();
 
       // test send context free action
@@ -492,6 +506,7 @@ BOOST_FIXTURE_TEST_CASE(cf_action_tests, TESTER) { try {
       );
 
       CALL_TEST_FUNCTION( *this, "test_transaction", "read_inline_action", {} );
+
       CallFunction( *this, test_api_action<TEST_METHOD("test_transaction", "read_inline_cf_action")>{}, {}, {N(testapi)}, 20000 );
 
       BOOST_REQUIRE_EQUAL( validate(), true );
@@ -634,6 +649,20 @@ BOOST_FIXTURE_TEST_CASE(transaction_tests, TESTER) { try {
    produce_blocks(100);
    set_code( N(testapi), test_api_wast );
    produce_blocks(1);
+   // test for zero auth
+   {
+      signed_transaction trx;
+      auto tm = test_api_action<TEST_METHOD("test_action", "require_auth")>{};
+      action act({}, tm); 
+      trx.actions.push_back(act);
+
+		set_transaction_headers(trx);
+      BOOST_CHECK_EXCEPTION(push_transaction(trx), transaction_exception,
+         [](const fc::exception& e) {
+            return expect_assert_message(e, "transactions require at least one authorization");
+         }
+      );
+   }
 
    // test send_action
    CALL_TEST_FUNCTION(*this, "test_transaction", "send_action", {});
@@ -644,10 +673,9 @@ BOOST_FIXTURE_TEST_CASE(transaction_tests, TESTER) { try {
    // test send_action_large
    BOOST_CHECK_EXCEPTION(CALL_TEST_FUNCTION(*this, "test_transaction", "send_action_large", {}), transaction_exception,
          [](const fc::exception& e) {
-            return expect_assert_message(e, "data_len < config::default_max_inline_action_size: inline action too big");
+            return expect_assert_message(e, "data_len < config::default_max_inline_action_size");
          }
       );
-
    // test send_action_inline_fail
    BOOST_CHECK_EXCEPTION(CALL_TEST_FUNCTION(*this, "test_transaction", "send_action_inline_fail", {}), transaction_exception,
          [](const fc::exception& e) {
@@ -851,6 +879,7 @@ BOOST_FIXTURE_TEST_CASE(db_tests, TESTER) { try {
 
    BOOST_REQUIRE_EQUAL( validate(), true );
 } FC_LOG_AND_RETHROW() }
+
 /*************************************************************************************
  * multi_index_tests test case
  *************************************************************************************/

tests/chain_tests/auth_tests.cpp

@@ -22,7 +22,7 @@ BOOST_FIXTURE_TEST_CASE( missing_sigs, TESTER ) { try {
    BOOST_REQUIRE_THROW( push_reqauth( N(alice), {permission_level{N(alice), config::active_name}}, {} ), tx_missing_sigs );
    auto trace = push_reqauth(N(alice), "owner");
 
-                    produce_block();
+   produce_block();
    BOOST_REQUIRE_EQUAL(true, chain_has_transaction(trace.id));
 
 } FC_LOG_AND_RETHROW() } /// missing_sigs
@@ -49,7 +49,6 @@ BOOST_FIXTURE_TEST_CASE( missing_auths, TESTER ) { try {
 
 } FC_LOG_AND_RETHROW() } /// transfer_test
 
-
 /**
  *  This test case will attempt to allow one account to transfer on behalf
  *  of another account by updating the active authority.

tests/chain_tests/block_tests.cpp

@@ -44,10 +44,10 @@ BOOST_AUTO_TEST_CASE( push_block ) { try {
    TESTER test1;
    tester test2(false);
 
+   test2.control->push_block(test1.produce_block());
    for (uint32 i = 0; i < 1000; ++i) {
       test2.push_block(test1.produce_block());
    }
-
    test1.create_account(N(alice));
    test2.push_block(test1.produce_block());
 

tests/chain_tests/delay_tests.cpp

@@ -1414,7 +1414,6 @@ BOOST_AUTO_TEST_CASE( canceldelay_test ) { try {
    BOOST_REQUIRE_EQUAL(0, trace.deferred_transaction_requests.size());
 
    chain.produce_blocks();
-
    auto liquid_balance = get_currency_balance(chain, N(currency));
    BOOST_REQUIRE_EQUAL(asset::from_string("999900.0000 CUR"), liquid_balance);
    liquid_balance = get_currency_balance(chain, N(tester));
@@ -1491,6 +1490,7 @@ BOOST_AUTO_TEST_CASE( canceldelay_test ) { try {
    signed_transaction trx;
    trx.actions.emplace_back(vector<permission_level>{{N(tester), config::active_name}},
                             chain::contracts::canceldelay{sender_id_to_cancel});
+   trx.actions.back().authorization.push_back({N(tester), config::active_name});
 
    chain.set_transaction_headers(trx);
    trx.sign(chain.get_private_key(N(tester), "active"), chain_id_type());

tests/wasm_tests/currency_tests.cpp

@@ -382,7 +382,7 @@ BOOST_FIXTURE_TEST_CASE( test_proxy, currency_tester ) try {
       action setowner_act;
       setowner_act.account = N(proxy);
       setowner_act.name = N(setowner);
-      setowner_act.authorization = vector<permission_level>{{N(proxy), config::active_name}};
+      setowner_act.authorization = vector<permission_level>{{N(alice), config::active_name}};
       setowner_act.data = proxy_abi_ser.variant_to_binary("setowner", mutable_variant_object()
          ("owner", "alice")
          ("delay", 10)
@@ -390,7 +390,7 @@ BOOST_FIXTURE_TEST_CASE( test_proxy, currency_tester ) try {
       trx.actions.emplace_back(std::move(setowner_act));
 
       set_transaction_headers(trx);
-      trx.sign(get_private_key(N(proxy), "active"), chain_id_type());
+      trx.sign(get_private_key(N(alice), "active"), chain_id_type());
       push_transaction(trx);
       produce_block();
       BOOST_REQUIRE_EQUAL(true, chain_has_transaction(trx.id()));
@@ -437,7 +437,7 @@ BOOST_FIXTURE_TEST_CASE( test_deferred_failure, currency_tester ) try {
       action setowner_act;
       setowner_act.account = N(proxy);
       setowner_act.name = N(setowner);
-      setowner_act.authorization = vector<permission_level>{{N(proxy), config::active_name}};
+      setowner_act.authorization = vector<permission_level>{{N(bob), config::active_name}};
       setowner_act.data = proxy_abi_ser.variant_to_binary("setowner", mutable_variant_object()
          ("owner", "bob")
          ("delay", 10)
@@ -445,7 +445,7 @@ BOOST_FIXTURE_TEST_CASE( test_deferred_failure, currency_tester ) try {
       trx.actions.emplace_back(std::move(setowner_act));
 
       set_transaction_headers(trx);
-      trx.sign(get_private_key(N(proxy), "active"), chain_id_type());
+      trx.sign(get_private_key(N(bob), "active"), chain_id_type());
       push_transaction(trx);
       produce_block();
       BOOST_REQUIRE_EQUAL(true, chain_has_transaction(trx.id()));
@@ -482,7 +482,7 @@ BOOST_FIXTURE_TEST_CASE( test_deferred_failure, currency_tester ) try {
       action setowner_act;
       setowner_act.account = N(bob);
       setowner_act.name = N(setowner);
-      setowner_act.authorization = vector<permission_level>{{N(bob), config::active_name}};
+      setowner_act.authorization = vector<permission_level>{{N(alice), config::active_name}};
       setowner_act.data = proxy_abi_ser.variant_to_binary("setowner", mutable_variant_object()
          ("owner", "alice")
          ("delay", 0)
@@ -490,7 +490,7 @@ BOOST_FIXTURE_TEST_CASE( test_deferred_failure, currency_tester ) try {
       trx.actions.emplace_back(std::move(setowner_act));
 
       set_transaction_headers(trx);
-      trx.sign(get_private_key(N(bob), "active"), chain_id_type());
+      trx.sign(get_private_key(N(alice), "active"), chain_id_type());
       push_transaction(trx);
       produce_block();
       BOOST_REQUIRE_EQUAL(true, chain_has_transaction(trx.id()));

tests/wasm_tests/eosio.system_tests.cpp

@@ -59,7 +59,7 @@ public:
          act.name = name;
          act.data = abi_ser.variant_to_binary( action_type_name, data );
 
-         return base_tester::push_action( std::move(act), auth ? uint64_t(signer) : 0 );
+         return base_tester::push_action( std::move(act), auth ? uint64_t(signer) : signer == N(bob) ? N(alice) : N(bob) );
    }
 
    action_result stake( const account_name& from, const account_name& to, const string& net, const string& cpu, const string& storage ) {
@@ -1063,7 +1063,7 @@ BOOST_FIXTURE_TEST_CASE( proxy_actions_affect_producers, eosio_system_tester ) t
 } FC_LOG_AND_RETHROW()
 
 BOOST_FIXTURE_TEST_CASE(producer_pay, eosio_system_tester) try {
-   issue( "alice", "1000000.0000 EOS",  config::system_account_name );
+   issue( "alice", "10000000.0000 EOS",  config::system_account_name );
    fc::variant params = producer_parameters_example(50);
    vector<char> key = fc::raw::pack(get_public_key(N(alice), "active"));
 

tests/wasm_tests/exchange_tests.cpp

@@ -60,8 +60,7 @@ FC_REFLECT( exchange_state, (manager)(supply)(fee)(base)(quote) );
 
 class exchange_tester : public TESTER {
    public:
-
-      auto push_action(account_name contract,
+       auto push_action(account_name contract,
                        const account_name& signer,
                        const action_name &name, const variant_object &data ) {
          string action_type_name = abi_ser.get_action_type(name);

tests/wasm_tests/identity_tests.cpp

@@ -109,7 +109,7 @@ public:
                                                   ("creator", account_name)
                                                   ("identity", identity)
       );
-      return push_action( std::move(create_act), (auth ? string_to_name(account_name.c_str()) : 0) );
+      return push_action( std::move(create_act), (auth ? string_to_name(account_name.c_str()) : (string_to_name(account_name.c_str()) == N(bob)) ? N(alice) : N(bob)));
    }
 
    fc::variant get_identity(uint64_t idnt) {
@@ -138,7 +138,7 @@ public:
                                                 ("identity", identity)
                                                 ("value", fields)
       );
-      return push_action( std::move(cert_act), (auth ? string_to_name(certifier.c_str()) : 0) );
+      return push_action( std::move(cert_act), (auth ? string_to_name(certifier.c_str()) : (string_to_name(certifier.c_str()) == N(bob)) ? N(alice) : N(bob)));
    }
 
    fc::variant get_certrow(uint64_t identity, const string& property, uint64_t trusted, const string& certifier) {
@@ -239,14 +239,15 @@ BOOST_FIXTURE_TEST_CASE( identity_create, identity_tester ) try {
    BOOST_REQUIRE_EQUAL( 2, idnt2["identity"].as_uint64());
    BOOST_REQUIRE_EQUAL( "alice", idnt2["creator"].as_string());
 
+   //bob can create an identity as well
+   BOOST_REQUIRE_EQUAL(success(), create_identity("bob", 1));
+
    //identity == 0 has special meaning, should be impossible to create
    BOOST_REQUIRE_EQUAL(error("condition: assertion failed: identity=0 is not allowed"), create_identity("alice", 0));
 
    //creating adentity without authentication is not allowed
    BOOST_REQUIRE_EQUAL(error("missing authority of alice"), create_identity("alice", 3, false));
 
-   //bob can create an identity as well
-   BOOST_REQUIRE_EQUAL(success(), create_identity("bob", 1));
    fc::variant idnt_bob = get_identity(1);
    BOOST_REQUIRE_EQUAL( 1, idnt_bob["identity"].as_uint64());
    BOOST_REQUIRE_EQUAL( "bob", idnt_bob["creator"].as_string());

tests/wasm_tests/test_softfloat_wasts.hpp

@@ -2,6 +2,7 @@
 
 static const char f32_test_wast[] = R"=====(
 (module
+  (import "env" "require_auth" (func $require_auth (param i64)))
   (import "env" "eosio_assert" (func $eosio_assert (param i32 i32)))
    (table 0 anyfunc)
    (memory $0 1)
@@ -2545,6 +2546,7 @@ static const char f32_test_wast[] = R"=====(
    (func $trunc (param $0 f32) (result f32) (f32.trunc (get_local $0)))
    (func $nearest (param $0 f32) (result f32) (f32.nearest (get_local $0)))
    (func $apply (param $0 i64)(param $1 i64)(param $2 i64)
+   (call $require_auth (i64.const 6396251299783901184))
    (call $assert_return (call $add (f32.const -0x0p+0) (f32.const -0x0p+0)) (f32.const -0x0p+0) (i32.const 20))
    (call $assert_return (call $add (f32.const -0x0p+0) (f32.const 0x0p+0)) (f32.const 0x0p+0) (i32.const 24))
    (call $assert_return (call $add (f32.const 0x0p+0) (f32.const -0x0p+0)) (f32.const 0x0p+0) (i32.const 28))
@@ -5049,6 +5051,7 @@ static const char f32_test_wast[] = R"=====(
 )=====";
 static const char f32_cmp_test_wast[] = R"=====(
 (module
+  (import "env" "require_auth" (func $require_auth (param i64)))
   (import "env" "eosio_assert" (func $eosio_assert (param i32 i32)))
    (table 0 anyfunc)
    (memory $0 1)
@@ -7468,6 +7471,7 @@ static const char f32_cmp_test_wast[] = R"=====(
    (func $fge (param $0 f32) (param $1 f32) (result i32) (f32.ge (get_local $0) (get_local $1)))
    (func $fle (param $0 f32) (param $1 f32) (result i32) (f32.le (get_local $0) (get_local $1)))
    (func $apply (param $0 i64)(param $1 i64)(param $2 i64)
+   (call $require_auth (i64.const 6396251299783901184))
    (call $assert_return (call $feq (f32.const -0x0p+0) (f32.const -0x0p+0)) (i32.const 1) (i32.const 20))
    (call $assert_return (call $feq (f32.const -0x0p+0) (f32.const 0x0p+0)) (i32.const 1) (i32.const 24))
    (call $assert_return (call $feq (f32.const 0x0p+0) (f32.const -0x0p+0)) (i32.const 1) (i32.const 28))
@@ -9873,6 +9877,7 @@ static const char f32_cmp_test_wast[] = R"=====(
 
 static const char f32_bitwise_test_wast[] = R"=====(
 (module
+  (import "env" "require_auth" (func $require_auth (param i64)))
   (import "env" "eosio_assert" (func $eosio_assert (param i32 i32)))
    (table 0 anyfunc)
    (memory $0 1)
@@ -10260,6 +10265,7 @@ static const char f32_bitwise_test_wast[] = R"=====(
    (func $neg (param $0 f32) (result f32) (f32.neg (get_local $0)))
    (func $copysign (param $0 f32) (param $1 f32) (result f32) (f32.copysign (get_local $0) (get_local $1)))
    (func $apply (param $0 i64)(param $1 i64)(param $2 i64)
+   (call $require_auth (i64.const 6396251299783901184))
    (call $assert_return (call $copysign (f32.const -0x0p+0) (f32.const -0x0p+0)) (f32.const -0x0p+0) (i32.const 20))
    (call $assert_return (call $copysign (f32.const -0x0p+0) (f32.const 0x0p+0)) (f32.const 0x0p+0) (i32.const 24))
    (call $assert_return (call $copysign (f32.const 0x0p+0) (f32.const -0x0p+0)) (f32.const -0x0p+0) (i32.const 28))
@@ -10624,6 +10630,7 @@ static const char f32_bitwise_test_wast[] = R"=====(
 )=====";
 static const char f64_test_wast[] = R"=====(
 (module
+  (import "env" "require_auth" (func $require_auth (param i64)))
   (import "env" "eosio_assert" (func $eosio_assert (param i32 i32)))
    (table 0 anyfunc)
    (memory $0 1)
@@ -13167,6 +13174,7 @@ static const char f64_test_wast[] = R"=====(
    (func $trunc (param $0 f64) (result f64) (f64.trunc (get_local $0)))
    (func $nearest (param $0 f64) (result f64) (f64.nearest (get_local $0)))
    (func $apply (param $0 i64)(param $1 i64)(param $2 i64)
+   (call $require_auth (i64.const 6355331582554800128))
    (call $assert_return (call $add (f64.const -0x0p+0) (f64.const -0x0p+0)) (f64.const -0x0p+0) (i32.const 20))
    (call $assert_return (call $add (f64.const -0x0p+0) (f64.const 0x0p+0)) (f64.const 0x0p+0) (i32.const 24))
    (call $assert_return (call $add (f64.const 0x0p+0) (f64.const -0x0p+0)) (f64.const 0x0p+0) (i32.const 28))
@@ -15671,6 +15679,7 @@ static const char f64_test_wast[] = R"=====(
 )=====";
 static const char f64_bitwise_test_wast[] = R"=====(
 (module
+  (import "env" "require_auth" (func $require_auth (param i64)))
   (import "env" "eosio_assert" (func $eosio_assert (param i32 i32)))
    (table 0 anyfunc)
    (memory $0 1)
@@ -16044,6 +16053,7 @@ static const char f64_bitwise_test_wast[] = R"=====(
    (func $neg (param $0 f64) (result f64) (f64.neg (get_local $0)))
    (func $copysign (param $0 f64) (param $1 f64) (result f64) (f64.copysign (get_local $0) (get_local $1)))
    (func $apply (param $0 i64)(param $1 i64)(param $2 i64)
+   (call $require_auth (i64.const 6355331582554800128))
     (call $assert_return (call $copysign (f64.const -0x0p+0) (f64.const -0x0p+0)) (f64.const -0x0p+0) (i32.const 20))
     (call $assert_return (call $copysign (f64.const -0x0p+0) (f64.const 0x0p+0)) (f64.const 0x0p+0) (i32.const 24))
     (call $assert_return (call $copysign (f64.const 0x0p+0) (f64.const -0x0p+0)) (f64.const -0x0p+0) (i32.const 28))
@@ -16409,6 +16419,7 @@ static const char f64_bitwise_test_wast[] = R"=====(
 
 static const char f64_cmp_test_wast[] = R"=====(
 (module
+  (import "env" "require_auth" (func $require_auth (param i64)))
   (import "env" "eosio_assert" (func $eosio_assert (param i32 i32)))
    (table 0 anyfunc)
    (memory $0 1)
@@ -18828,6 +18839,7 @@ static const char f64_cmp_test_wast[] = R"=====(
    (func $ge (param $0 f64) (param $1 f64) (result i32) (f64.ge (get_local $0) (get_local $1)))
    (func $le (param $0 f64) (param $1 f64) (result i32) (f64.le (get_local $0) (get_local $1)))
    (func $apply (param $0 i64)(param $1 i64)(param $2 i64)
+    (call $require_auth (i64.const 6355331582554800128))
     (call $assert_return (call $eq (f64.const -0x0p+0) (f64.const -0x0p+0)) (i32.const 1) (i32.const 20))
     (call $assert_return (call $eq (f64.const -0x0p+0) (f64.const 0x0p+0)) (i32.const 1) (i32.const 24))
     (call $assert_return (call $eq (f64.const 0x0p+0) (f64.const -0x0p+0)) (i32.const 1) (i32.const 28))
@@ -21233,6 +21245,7 @@ static const char f64_cmp_test_wast[] = R"=====(
 
 static const char f32_f64_conv_wast[] = R"=====(
 (module
+  (import "env" "require_auth" (func $require_auth (param i64)))
   (import "env" "eosio_assert" (func $eosio_assert (param i32 i32)))
    (table 0 anyfunc)
    (memory $0 1)

tests/wasm_tests/test_wasts.hpp

@@ -18,6 +18,7 @@ static const char f32_add_wast[] = R"=====(
 */
 static const char entry_wast[] = R"=====(
 (module
+ (import "env" "require_auth" (func $require_auth (param i64)))
  (import "env" "eosio_assert" (func $eosio_assert (param i32 i32)))
  (import "env" "now" (func $now (result i32)))
  (table 0 anyfunc)
@@ -32,6 +33,7 @@ static const char entry_wast[] = R"=====(
   )
  )
  (func $apply (param $0 i64) (param $1 i64) (param $2 i64)
+  (call $require_auth (i64.const 6121376101093867520))
   (call $eosio_assert
    (i32.eq
     (i32.load offset=4
@@ -48,10 +50,12 @@ static const char entry_wast[] = R"=====(
 
 static const char simple_no_memory_wast[] = R"=====(
 (module
+ (import "env" "require_auth" (func $require_auth (param i64)))
  (import "env" "memcpy" (func $memcpy (param i32 i32 i32) (result i32)))
  (table 0 anyfunc)
  (export "apply" (func $apply))
  (func $apply (param $0 i64) (param $1 i64) (param $2 i64)
+    (call $require_auth (i64.const 11323361180581363712))
     (drop
        (call $memcpy
           (i32.const 0)
@@ -65,12 +69,14 @@ static const char simple_no_memory_wast[] = R"=====(
 
 static const char mutable_global_wast[] = R"=====(
 (module
+ (import "env" "require_auth" (func $require_auth (param i64)))
  (import "env" "eosio_assert" (func $eosio_assert (param i32 i32)))
  (table 0 anyfunc)
  (memory $0 1)
  (export "memory" (memory $0))
  (export "apply" (func $apply))
  (func $apply (param $0 i64) (param $1 i64) (param $2 i64)
+  (call $require_auth (i64.const 7235159549794234880))
   (if (i64.eq (get_local $2) (i64.const 0)) (then
     (set_global $g0 (i64.const 444))
     (return)
@@ -88,12 +94,13 @@ static const char mutable_global_wast[] = R"=====(
 static const char biggest_memory_wast[] = R"=====(
 (module
  (import "env" "eosio_assert" (func $$eosio_assert (param i32 i32)))
+ (import "env" "require_auth" (func $$require_auth (param i64)))
  (table 0 anyfunc)
  (memory $$0 ${MAX_WASM_PAGES})
  (export "memory" (memory $$0))
  (export "apply" (func $$apply))
- 
  (func $$apply (param $$0 i64) (param $$1 i64) (param $$2 i64)
+  (call $$require_auth (i64.const 4294504710842351616))
   (call $$eosio_assert
    (i32.eq
      (grow_memory (i32.const 1))
@@ -173,12 +180,14 @@ static const char memory_table_import[] = R"=====(
 
 static const char table_checker_wast[] = R"=====(
 (module
+ (import "env" "require_auth" (func $require_auth (param i64)))
  (import "env" "eosio_assert" (func $assert (param i32 i32)))
  (type $SIG$vj (func (param i64)))
  (table 1024 anyfunc)
  (memory $0 1)
  (export "apply" (func $apply))
  (func $apply (param $0 i64) (param $1 i64) (param $2 i64)
+   (call $require_auth (i64.const 14547189746360123392))
    (call_indirect $SIG$vj
      (i64.shr_u
        (get_local $2)
@@ -214,6 +223,7 @@ static const char table_checker_wast[] = R"=====(
 
 static const char table_checker_proper_syntax_wast[] = R"=====(
 (module
+ (import "env" "require_auth" (func $require_auth (param i64)))
  (import "env" "eosio_assert" (func $assert (param i32 i32)))
  (import "env" "printi" (func $printi (param i64)))
  (type $SIG$vj (func (param i64)))
@@ -221,6 +231,7 @@ static const char table_checker_proper_syntax_wast[] = R"=====(
  (memory $0 1)
  (export "apply" (func $apply))
  (func $apply (param $0 i64) (param $1 i64) (param $2 i64)
+   (call $require_auth (i64.const 14547189746360123392))
    (call_indirect (type $SIG$vj)
      (i64.shr_u
        (get_local $2)
@@ -256,6 +267,7 @@ static const char table_checker_proper_syntax_wast[] = R"=====(
 
 static const char table_checker_small_wast[] = R"=====(
 (module
+ (import "env" "require_auth" (func $require_auth (param i64)))
  (import "env" "eosio_assert" (func $assert (param i32 i32)))
  (import "env" "printi" (func $printi (param i64)))
  (type $SIG$vj (func (param i64)))
@@ -263,6 +275,7 @@ static const char table_checker_small_wast[] = R"=====(
  (memory $0 1)
  (export "apply" (func $apply))
  (func $apply (param $0 i64) (param $1 i64) (param $2 i64)
+   (call $require_auth (i64.const 14547189746360123392))
    (call_indirect (type $SIG$vj)
      (i64.shr_u
        (get_local $2)
@@ -418,4 +431,4 @@ static const char import_injected_wast[] =
 " (export \"apply\" (func $apply))"                                                   \
 " (import \"" EOSIO_INJECTED_MODULE_NAME "\" \"checktime\" (func $inj (param i32)))"  \
 " (func $apply (param $0 i64) (param $1 i64) (param $2 i64))"                         \
-")";
\ No newline at end of file
+")";

tests/wasm_tests/wasm_tests.cpp

@@ -85,6 +85,7 @@ BOOST_FIXTURE_TEST_CASE( basic_test, TESTER ) try {
       signed_transaction trx;
       trx.actions.emplace_back( vector<permission_level>{{N(asserter),config::active_name}},
                                 assertdef {1, "Should Not Assert!"} );
+      trx.actions[0].authorization = {{N(asserter),config::active_name}};
 
       set_transaction_headers(trx);
       trx.sign( get_private_key( N(asserter), "active" ), chain_id_type() );
@@ -212,7 +213,7 @@ BOOST_FIXTURE_TEST_CASE( abi_from_variant, TESTER ) try {
 // test softfloat 32 bit operations
 BOOST_FIXTURE_TEST_CASE( f32_tests, TESTER ) try {
    produce_blocks(2);
-
+   account_name an = N(f_tests);
    create_accounts( {N(f32_tests)} );
    produce_block();
    {
@@ -364,7 +365,6 @@ BOOST_FIXTURE_TEST_CASE( f32_f64_conversion_tests, tester ) try {
  */
 BOOST_FIXTURE_TEST_CASE( check_entry_behavior, TESTER ) try {
    produce_blocks(2);
-
    create_accounts( {N(entrycheck)} );
    produce_block();
 
@@ -468,7 +468,7 @@ BOOST_FIXTURE_TEST_CASE( stl_test, TESTER ) try {
         action msg_act;
         msg_act.account = N(stltest);
         msg_act.name = N(message);
-        msg_act.authorization = vector<permission_level>{{N(bob), config::active_name}};
+        msg_act.authorization = {{N(stltest), config::active_name}};
         msg_act.data = abi_ser.variant_to_binary("message", mutable_variant_object()
                                              ("from", "bob")
                                              ("to", "alice")
@@ -476,8 +476,8 @@ BOOST_FIXTURE_TEST_CASE( stl_test, TESTER ) try {
                                              );
         trx.actions.push_back(std::move(msg_act));
 
-       set_transaction_headers(trx);
-        trx.sign(get_private_key(N(bob), "active"), chain_id_type());
+        set_transaction_headers(trx);
+        trx.sign(get_private_key(N(stltest), "active"), chain_id_type());
         push_transaction(trx);
         produce_block();
 
@@ -489,6 +489,7 @@ BOOST_FIXTURE_TEST_CASE( stl_test, TESTER ) try {
 BOOST_FIXTURE_TEST_CASE( big_memory, TESTER ) try {
    produce_blocks(2);
 
+
    create_accounts( {N(bigmem)} );
    produce_block();
 
@@ -765,7 +766,6 @@ BOOST_FIXTURE_TEST_CASE( test_table_key_validation, TESTER ) try {
 
 BOOST_FIXTURE_TEST_CASE( check_table_maximum, TESTER ) try {
    produce_blocks(2);
-
    create_accounts( {N(tbl)} );
    produce_block();
 
@@ -955,7 +955,7 @@ BOOST_FIXTURE_TEST_CASE( lotso_stack, TESTER ) try {
    std::stringstream ss;
    ss << "(module ";
    ss << "(export \"apply\" (func $apply))";
-   ss << "  (func $apply  (param $0 i64) (param $1 i64) (param $2 i64))";
+   ss << "  (func $apply  (param $0 i64)(param $1 i64)(param $2 i64))";
    ss << "  (func ";
    for(unsigned int i = 0; i < wasm_constraints::maximum_func_local_bytes; i+=4)
       ss << "(local i32)";
@@ -967,8 +967,9 @@ BOOST_FIXTURE_TEST_CASE( lotso_stack, TESTER ) try {
    {
    std::stringstream ss;
    ss << "(module ";
+   ss << "(import \"env\" \"require_auth\" (func $require_auth (param i64)))";
    ss << "(export \"apply\" (func $apply))";
-   ss << "  (func $apply  (param $0 i64) (param $1 i64) (param $2 i64))";
+   ss << "  (func $apply  (param $0 i64)(param $1 i64)(param $2 i64) (call $require_auth (i64.const 14288945783897063424)))";
    ss << "  (func ";
    for(unsigned int i = 0; i < wasm_constraints::maximum_func_local_bytes; i+=8)
       ss << "(local f64)";
@@ -1013,8 +1014,9 @@ BOOST_FIXTURE_TEST_CASE( lotso_stack, TESTER ) try {
    {
    std::stringstream ss;
    ss << "(module ";
+   ss << "(import \"env\" \"require_auth\" (func $require_auth (param i64)))";
    ss << "(export \"apply\" (func $apply))";
-   ss << "  (func $apply  (param $0 i64) (param $1 i64) (param $2 i64))";
+   ss << "  (func $apply  (param $0 i64)(param $1 i64)(param $2 i64) (call $require_auth (i64.const 14288945783897063424)))";
    ss << "  (func ";
    for(unsigned int i = 0; i < wasm_constraints::maximum_func_local_bytes; i+=4)
       ss << "(param i32)";