We know that in EVM, the value of private variables in smart contracts can be obtained through web3.eth.getStorageAt()
So is there a similar situation in fuel?
Here is a simple example I wrote:
contract;
abi GetHash {
#[storage(read, write)]
fn getRandom() -> u64;
}
use std::{
auth::msg_sender,
block::timestamp,
hash::*,
};
use std::primitive_conversions::u64::*;
configurable {
ADMIN: Identity = Identity::Address(Address::from(0x3e15247411a05edc60391d7410eabc3d0ee2eb5f8b2bd8102b41e7e94b22fbf2)),
}
enum AuthorizationError {
SenderNotOwner: (),
}
storage {
counter: u64 = 1,
}
impl GetHash for Contract {
#[storage(read, write)]
fn getRandom() -> u64 {
require(
msg_sender().unwrap() == ADMIN,
AuthorizationError::SenderNotOwner,
);
let pre_counter = storage.counter.read();
storage.counter.write(pre_counter+1);
let geni: u256 = (sha256(..., storage.counter.read(),...);
let u64_from_u256: Option<u64> = <u64 as TryFrom<u256>>::try_from(geni);
u64_from_u256.unwrap()
}
}
There is a storage variable counter inside. Outside the smart contract, can the value of this counter be obtained through some underlying code (similar to web3.eth.getStorageAt)?
Hey @william, Can you please specify the use case in a bit more detail? What is “outside the smart contract”? Do you have access to contract’s storage in that code “outside the smart contract”? If the access is allowed and we know the slot of the variable counter in that code, the low-level storage_api functions read and write can always be used. Assuming of course that that code is written in Sway But it would be interesting to understand the use case first.
Hi @Nazeeh21 What’s mean have access to the contract’s storage?
A common use case is the generation of pseudo-random numbers on the chain, such as the simple example I wrote above using sway. In order to prevent others from guessing the random numbers, a counter is added. Each time it is called, it automatically increases by 1. In order to prevent anyone from calling , I set full permission to call the random number interface. This permission can of course be set to a certain contract, but if there is an external contract that can read the value of this counter, or an external SDK can read this counter (similar to Ethereum’s private Variables can be read through slots), then the random number can be predicted. Even if the contract code that generates the random number is not open source, the algorithm that generates the random number can be inferred through multiple tests to predict the random number. If this is the case, then we may have to use an oracle, similar to chainlink’s vrf, which can verify pseudo-random numbers.