BCSkill (Block chain skill )
区块链中文技术社区

只讨论区块链底层技术
遵守一切相关法律政策！

最近在做一个dapp,由于服务器所在地原因,导致内陆用户访问不稳定,所以更换下服务器,做个简单的停机迁移记录

停止原服务器Dapp程序,备份数据库

mkdir dmp
cd dmp
mongodump  -d 需要备份的数据库的名字 -o ./数据名.dmp

等待结束后,会将备份的数据库写到/dmp/数据库名/各种表名

将备份文件下载到本地

scp -P 远程服务器端口 -r 登录名@远程服务器ip:/data/dmp/* /Users/surou/Downloads

将备份上传到新服务器

scp -r 数据库.dmp/* 登录名@远程服务器ip:/data/dmp -P 远程服务器端口

导入备份

登陆新服务器

mongorestore -d 数据库名 ./dmp

参考

https://www.jianshu.com/p/d60691bdc72f
https://www.cnblogs.com/zhaofeng555/p/8075279.html

合约

void xxx_contract::updatetime(eosio::time_point timestamp){
    require_auth( _self.value );
    system_tables system_table(_self, _self.value);
    auto itr = system_table.begin();
    if(itr == system_table.end()){
        system_table.emplace( _self, [&]( auto& s ) {
            s.id = system_table.available_primary_key();
            s.zero_time = timestamp;
        });
    }else{
        system_table.modify( itr, _self, [&]( auto& s ) {
            s.zero_time = timestamp;
        });
    }
}

Js

push action 参数为 new Date().getTime() * 1000

昨日EOS紧急更新了一个偷窃RAM漏洞的补丁，今天和远航讨论到该漏洞，远航提供了昨日官网修复该漏洞的patch，于是又有了想复现漏洞的冲动，最后验证并在测试网络还原了该漏洞。

漏洞详情
该漏洞是因为EOSIO系统对于合约inline调用合约内的其他函数不会进行权限检测，从而恶意合约可以使用任何其他账号的权限调用该合约的其他方法。比如下图：

漏洞复现操作如下

漏洞解决
合约内inline调用也需要eosio.code授权

漏洞复现源码
https://github.com/itleaks/eos-contract/tree/master/stealram2-exp

附录
再次感谢远航提供资料

转载自：https://mp.weixin.qq.com/s/gYEuGB2_fZf8OHlQqGBJ8A

麒麟测试网查询演示

cleos -u http://api.kylin.eosbeijing.one:8880 get schedule -j

返回

{
  "active": {
    "version": 205,
    "producers": [{
        "producer_name": "acryptotitan",
        "block_signing_key": "EOS5DjZn3myq4mhJxppyaryk6UYhM2hbYrPWT5rthK5WZwtHMZuy1"
      },{
        "producer_name": "alohaeostest",
        "block_signing_key": "EOS78GmL1BFNGR2r5ME16onmSRi1ZtkaJ5CWRxrj4h5fDgZx5yJ8v"
      },{
        "producer_name": "blockmatrix2",
        "block_signing_key": "EOS5fotKCkwqjZSki6vs85AQju9MbwRu13ruZDqe28jpbDs4ZZsrf"
      },{
        "producer_name": "eosargentina",
        "block_signing_key": "EOS5CZar1N2ip7LQTZ5dyCZDvr84dzEJn5yqmR7GSbEoS5Ci9BTH3"
      },{
        "producer_name": "eosasia11111",
        "block_signing_key": "EOS8LpSDbAPACxHJoxJsbWdZ7pvEeZpZ9qZfKiEiC6KuF6btUiwgZ"
      },{
        "producer_name": "eosbeijingbp",
        "block_signing_key": "EOS6r6PuKi5WHH7TnY6AtDMyVdfcXyPPCz23MEBcgaMv2DcuXS5Eh"
      },{
        "producer_name": "eosbixincool",
        "block_signing_key": "EOS59TifUUjWM5UzajhYAA1S87c32pNKyrNnZMfBay564FMdgX1Pu"
      },{
        "producer_name": "eoscanadacom",
        "block_signing_key": "EOS8UkwZgsb43ntVYWFkpKtB6kDPkdLWVuEYSmKkBRcwSZYA9CBbN"
      },{
        "producer_name": "eosecoeoseco",
        "block_signing_key": "EOS6BBBTt5yMwBsmnFLtRVh9aQzqnt4aztr82Cu79DnJBdnXcy3RA"
      },{
        "producer_name": "eoshenzhensa",
        "block_signing_key": "EOS7sFWT7XyywiDH9QUrLAcfBNz9sVL5LdVAVUxmDdXJUoXZm9NVs"
      },{
        "producer_name": "eosiomeetone",
        "block_signing_key": "EOS5iW6gVzrHzk3KmpQoeE1ErJfvYvKvB5jYmjDNPZHsxtM8ttm4L"
      },{
        "producer_name": "eosiosg11111",
        "block_signing_key": "EOS6c9FmXf1G9nApRBYq73yjS2v1QPzTKC8d5vhkPJEN3U8rJazAh"
      },{
        "producer_name": "eoslaomaocom",
        "block_signing_key": "EOS8D9EjwHnbdnwzM5bRAfFsGUigGKsfgfAAcBqf1rb1QbYC2HZms"
      },{
        "producer_name": "eospaceioeos",
        "block_signing_key": "EOS6yHKg1ve1i4AguSYUNNrzBoBxkjyxrhg8pyZqmFWeFXkf4JX4p"
      },{
        "producer_name": "eospacific11",
        "block_signing_key": "EOS6iPvbhEc881Dz9fYKqU78F3awvUyrA5WSmRw186bj4cNyMpZ5z"
      },{
        "producer_name": "eosriobrazil",
        "block_signing_key": "EOS7RioGoHQnhv2fJEiciP9Q7J8JgfJYFcyofVkmCqMop8Q1PzgqP"
      },{
        "producer_name": "eosstorebest",
        "block_signing_key": "EOS5gGxvNkBHbp3EuBBxTLRBoXiJPY6HCKFujtEJtco7GBFYpZ8kM"
      },{
        "producer_name": "eosswedenorg",
        "block_signing_key": "EOS6FJ5PawjQnS61jAEmAevAvS1gNNpbQV7SuE5h8T1aTN3DmaWbw"
      },{
        "producer_name": "gravitypooll",
        "block_signing_key": "EOS7GN7cac2MFkbEhTn25AgV3ZHniBHJwASdwq5DG5X56NMGHUg71"
      },{
        "producer_name": "helloeoschbp",
        "block_signing_key": "EOS6Zvy5nitCsMfnuQYaTQVDQRf4J5EGgCKyRgmhiZoptDLU2QiWX"
      },{
        "producer_name": "superoneiobp",
        "block_signing_key": "EOS7JdJSoAb5N13wG7muMvTiawp3swKuQ3ccHpF6KaCpwiwqBPn3d"
      }
    ]
  },
  "pending": null,
  "proposed": null
}

备注

现在的出块顺序是按ascii排序的，理想的是支持heartbeat,按地理位置顺序出块，可减少延迟不稳定等问题

定义table

struct [[eosio::table("sellheros"), eosio::contract("xxx.game")]] sellhero{
        capi_checksum256 tx_hash;
        ....

        auto primary_key() const { return *(uint64_t*)&tx_hash; }
    };

创建table

typedef eosio::multi_index<"sellheros"_n, sellhero> sellhero_tables;

查询

taskhash_tables taskhash_table(_self, account);
auto itr_task = taskhash_table.find(*(uint64_t*)&client_random_hash);
eosio_assert(itr_task != taskhash_table.end(), "random hash is not exist" );

hash 生成

capi_checksum256 bcskill_contract::tx_hash(){
    size_t tx_size = transaction_size();
    char buff[tx_size];
    size_t read = read_transaction(buff, tx_size);
    capi_checksum256 h;
    sha256(buff, read, &h);
    return h;
}

添加数据

capi_checksum256 hash = tx_hash();
    sellhero_tables sellhero_table(_self, _self.value);
    sellhero_table.emplace( _self, [&]( auto& h ) {
        h.tx_hash = hash;
       ...
    });

新增索引方法

using eosio::fixed_bytes;

#define SHA_TO_HASH_FUNC static fixed_bytes<32> checksum256_to_sha256(const capi_checksum256 &hash) \
        { \
            const uint64_t *p64 = reinterpret_cast<const uint64_t *>(&hash); \
            return fixed_bytes<32>::make_from_word_sequence<uint64_t>(p64[0], p64[1], p64[2], p64[3]); \
        }
#define SHA_TO_HASH(hash) checksum256_to_sha256(hash)

struct [[eosio::table, eosio::contract("bcskillsurou")]] tokeninfotb {
        uint64_t id;                                   // id
        capi_checksum256 transaction_id;               // 交易id

        uint64_t primary_key() const { return id; }
        fixed_bytes<32> second_key() const { return SHA_TO_HASH(transaction_id); }
        SHA_TO_HASH_FUNC
        EOSLIB_SERIALIZE(tokeninfotb, (id)(transaction_id))
    };

typedef eosio::multi_index<"tokeninfotb"_n, tokeninfotb, eosio::indexed_by<"bysubkey"_n, eosio::const_mem_fun<tokeninfotb, fixed_bytes<32>, &tokeninfotb::second_key>>> tokeninfo_table;

参考

https://eosio.stackexchange.com/questions/3219/how-to-properly-use-cleos-get-table-with-key-type-sha256-secondary-index-fa