blockchaincordafraud-prevention

Is it possible for initiator of a Flow to bypass check on an attribute of state it is not consuming?


Scenario

State1->Flow1->State2 (State1 is input and State2 is output) 
State2->Flow2->State3 (State2 is input and State3 is output)

In Flow2, State2 is the only input state but Initiator part of Flow2 contains a check on attribute of State1(by querying it from the ledger).

Query

Is it possible for Initiator of Flow2 to bypass that check to commit some fraud? If yes, then how can it be prevented?

[Note that the check is on State1 which is not an input state of Flow2 otherwise an additional check could have been put inside related contract of Flow2 to prevent the fraud.]


Solution

  • There's nothing stopping initiator from bypassing the check since it's at the flow level, so yes he can commit fraud.

    To prevent it

    1. If the responder of Flow 2 has State1 in his vault in the first place, then he could execute the same check since he doesn't trust the initiator.
    2. Else then you have to provide State 1 as an input of the transaction in Flow 2 and validate it in the contract.