0

I want to build a smart contract function, which use caller's password as params. I have no knowledge about blockchain security, so I ask the following question:

When calling a smart contract function, do the params record on blockchain?

Further more, what information will record in blockchain if an address calls a function of a smart contract? I think the logs emit by the events must record on blockchain, besides these, anything more? I've learned before that a contract address calling leaves logs on blockchain, but an account address(EOA) calling doesn't. Is it true?

Huowuge
  • 41
  • 5

1 Answers1

1

Function parameters are part of the transaction, which is part of the calldata. So calldata is also persisted. Eventhough it is persisted, that doesn't mean it is easily available. Calldata is not indexed, and is not available at runtime. But the data is available to the nodes (for sure to those who runs full node, not sure about the light nodes).

Calldata can be accessed by running a localnode, which means it is not available for any functions at runtime, the only calldata that is available at runtime is the parameters for that particular transaction.

So, if you call a function with a password parameter, someone somewhere can see it for sure.

Jimson James
  • 2,937
  • 6
  • 43
  • 78
  • Thanks for you reply, then I need to rebuild my project contract. – Huowuge Feb 01 '23 at 16:57
  • Any suggestion about setting a password to call a certain function? I have no idea... – Huowuge Feb 01 '23 at 17:01
  • even if you solve the function's exposed parameters problem through asymmetric crypto, how do you validate it? correct password needs to be accessible to the contract to check whether the incoming password is correct or not, right? The only way out is through zk-SNARKs – Jimson James Feb 01 '23 at 19:27