These are chat archives for Nethereum/Nethereum

15th
Jun 2018
Enigmatic
@EnigmaticUnreal_twitter
Jun 15 2018 02:20

@devedse - Yes the private keys would be exposed - First by having your local geth node unlocked, and if it's exposed to remote connection, then anyone else having access to your geth node can transfer funds out from your unlocked account. Second, it would also expose your password if you're connected to a rogue geth.

Better to have the local device sign the transaction and send it as a raw transaction so you don't need to expose the personal rpcapi on geth.

There should be ways to secure the connection to geth infra-wise, though am not an expert in this domain myself.

Juan Blanco
@juanfranblanco
Jun 15 2018 04:27
@StefH you can create custom templates of course, that is the idea to make it very extendable and reuse stuff. https://github.com/Nethereum/Nethereum/tree/master/src/Nethereum.Generators everything is from here
Truong Dang Nghia
@DangNghia123_twitter
Jun 15 2018 04:36
@juanfranblanco
hi, i want to get all constract adress of tokens in my wallet because when i want to check tokens balance it must be specificed for each token
Juan Blanco
@juanfranblanco
Jun 15 2018 04:38
yeah
that is what happens
there are 2000+ ERC20 Tokens on the chain

@devedse

Hi guys question, I if I connect to a GETH node using Nethereum, and that GETH node is fully exposed to the internet, will a Web3.unlock account actually send my private key over to the node itself?
As in, if I would connect to a rogue GETH client using Nethereum would they be able to do anything?

Web3.Unlock account unlocks your account mainly so anybody that can get access to your node (as it will be discoverable part of the p2p) can send any transaction on your behalf.
Also they can check what accounts you have (getAccounts) check their balance.. and send all the Ether from there.
They could get also clever and check the balance of many ERC20 contracts and send their balance to themselves. They dont have your private key, but they can do anything
Juan Blanco
@juanfranblanco
Jun 15 2018 04:45
@Pzixel That is a rather great analysis :)
The bottleneck before hand is due filling the pending transaction queue
@devedse what @EnigmaticUnreal_twitter says, i should read in backwards order
or read the lot first :D
@Pzixel I assume you are running Proof of Authority?
This article is great
ployandppp社長
@ployandppp_twitter
Jun 15 2018 08:00
Hello, I'm trying to develop an Android Unity game with Nethereum. It works like a charm when I testing a connection like sending transaction between Unity PC run and my private blockchain but I cannot connect from my phone to my geth node. I gave all network permission to my app but it still can't. Debug also shows throwing exception with "unknown" reason. Does anyone have any idea?
The error stage comes from TransactionSignedUnityRequest.
Juan Blanco
@juanfranblanco
Jun 15 2018 08:04
hmm
But does it work on other requests?
like querying etc?
ployandppp社長
@ployandppp_twitter
Jun 15 2018 08:14
It doesn't work too. I just try it with GetBalance.
Juan Blanco
@juanfranblanco
Jun 15 2018 08:15
ah cool (just validating it was actually the connection itself)
have you tried with a public node? Or external IP?
mainly GetBalance from infura
it might be an internal network problem
ployandppp社長
@ployandppp_twitter
Jun 15 2018 08:19
Thank you so much for your advice! I will try it. (Sorry for such a noob question)
Juan Blanco
@juanfranblanco
Jun 15 2018 08:19
Oh no i remember banging my head with this a while ago.. but I cannot remember the resolution
not in Unity btw..
also for https
ServicePointManager.ServerCertificateValidationCallback += delegate (object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors sslPolicyErrors) {
if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors)
{
foreach (X509ChainStatus status in chain.ChainStatus)
{
if (status.Status != X509ChainStatusFlags.PartialChain)
{
return false;
}
}
return true;
}
return false;
};
this might help
Psilon
@Pzixel
Jun 15 2018 09:18

@juanfranblanco

@Pzixel I assume you are running Proof of Authority?

yep

p0isoN
@p0isoNz_twitter
Jun 15 2018 09:19
How do i get token symbol and decimals from address?
Juan Blanco
@juanfranblanco
Jun 15 2018 09:41
depends if the contract implements that
some tokens don't
just use the function from the standard token
p0isoN
@p0isoNz_twitter
Jun 15 2018 11:10
@juanfranblanco I tried but I didn't know what to put in the Paramus
Is there an example somewhere
Enigmatic
@EnigmaticUnreal_twitter
Jun 15 2018 13:03
Something like this in VB
Dim rTokenName As String = Await contract.GetFunction("name").CallAsync(Of String)
Am out otherwise I would get you a c# example :)
Juan Blanco
@juanfranblanco
Jun 15 2018 14:05
@p0isoNz_twitter
public async void ShoulReturnData()
{
            var web3 = Web3Factory.GetWeb3();
            var deploymentHandler =  web3.Eth.GetContractDeploymentHandler<EIP20Deployment>();
            var receipt = await deploymentHandler.SendRequestAndWaitForReceiptAsync(new EIP20Deployment()
            {
                DecimalUnits = 18,
                InitialAmount = BigInteger.Parse("10000000000000000000000000"),
                TokenSymbol = "XST",
                TokenName = "XomeStandardToken"
            });

            var contractHandler = web3.Eth.GetContractHandler(receipt.ContractAddress);
            var symbol = await contractHandler.QueryAsync<SymbolFunction, string>();
            var tokenName = await contractHandler.QueryAsync<NameFunction, string>();

            Assert.Equal("XST", symbol);
            Assert.Equal("XomeStandardToken", tokenName);
 }
That uses the already generated commands / functions included in the StandardToken library
Devedse
@devedse
Jun 15 2018 15:27
@juanfranblanco , in regards to your answer about security and geth nodes. Does that basically mean that if I do stuff with Nethereum on for example Infura that infura knows all my private keys? Also you said that I could use SendRawTransaction, but shouldn't this be what Nethereum uses as default then when doing contract operations?
Juan Blanco
@juanfranblanco
Jun 15 2018 15:27
no infura does not know about your private keys
Devedse
@devedse
Jun 15 2018 15:28
But why if I run my local node and connect Nethereum to it, it will then?
I don't quite understand the difference
maybe that helps
Devedse
@devedse
Jun 15 2018 15:28
@devedse - Yes the private keys would be exposed - First by having your local geth node unlocked, and if it's exposed to remote connection, then anyone else having access to your geth node can transfer funds out from your unlocked account. Second, it would also expose your password if you're connected to a rogue geth.
That's what @EnigmaticUnreal_twitter said
Juan Blanco
@juanfranblanco
Jun 15 2018 15:29
When you run a node locally it can manage your account and sign transactions for you and send them
Infura a public node does not have any "accounts" key store files
it mainly relays the signed trasanctions from your account
so..
when you sign a transaction with Nethereum it just gets send to the network
Devedse
@devedse
Jun 15 2018 15:30
Ah ok, but how can you decide to also do the signing in code instead of on your local node?
So the default way is that Nethereum handles the accounts and the GETH node does not?
Juan Blanco
@juanfranblanco
Jun 15 2018 15:31
you do it by the way your account is initialised
so if you use a ManagedAccount(address, password)
you are mainly letting your client to unlock that account for that transaction
using the password
Devedse
@devedse
Jun 15 2018 15:32
ah ok
Juan Blanco
@juanfranblanco
Jun 15 2018 15:32
BUT if you create an Account(privateKey)
Devedse
@devedse
Jun 15 2018 15:32
So basically in my situation I should never use a ManagedAccount?
Because it will expose security risks?
Juan Blanco
@juanfranblanco
Jun 15 2018 15:32
yeah
Devedse
@devedse
Jun 15 2018 15:32
ok then that explains it ^^
Juan Blanco
@juanfranblanco
Jun 15 2018 15:32
you should not have any key store files in your node
Devedse
@devedse
Jun 15 2018 15:32
Exactly
Juan Blanco
@juanfranblanco
Jun 15 2018 15:32
well at least some that you care
Devedse
@devedse
Jun 15 2018 15:33
yeah well I don't have any anyway as I'm just using the whole node for Nethereum anyway
Juan Blanco
@juanfranblanco
Jun 15 2018 15:33
then you just use the Account(pk) option
if you look at the wallet
i limit the write to that area
as an experimental pattern
to retrieve the key for secure storage only for that transaction
all the other web3 connections are "read only
Enigmatic
@EnigmaticUnreal_twitter
Jun 15 2018 16:16
:pray: Thanks Juan.
El Amen
@ela4men_twitter
Jun 15 2018 18:40
Hi @juanfranblanco , thanks for the beautiful example. Please I am having a problem with _web3.Convert.FromWei(balance.Value, 18) function as Convert is no more valid in web3. 2.5.*. Can you please help with the new conversion function? thanks
Isaac Wooden
@iwooden
Jun 15 2018 20:58
Hi, is there a way to decode events without the ABI? Javascript Web3 provides a module you can use to do this like so:
const eventDecoder = require('web3/lib/solidity/coder.js');
var log = "0000000000000...af59a1d98489aaffccc5f4629ab5d7666a7814b6";
var string1;
var string2;
var address;
[string1, string2, address] = eventDecoder.decodeParams(['string', 'string', 'address'], log);
Aify
@Aify
Jun 15 2018 21:01
Is there a way in the Nethereum API to check for the name/symbol of a token from a contract?