how come web3 send does not require a private key or signature

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












I'm building an ERC20 smart contract which will be accessed via node.js with web3 library.
I see that web3.eth.Contract has the send function, which takes the parameter from, which is being mapped to the msg.sender in the smart contract.
As far as I understand (and my debugging supports that), I can change the from field to just about any address, and by that bypass the business logic of the contract, e.g



token.methods.method_only_owner_can_activate(<some_data>).send( from: <contract_owner_address>, <gas> );


or even set the owner:



token.methods.setOwner(<my_not_owner_address>).send( from: <contract_owner_address>, <gas> );


since the address should be public, any user can create a process which mimics this behaveiour and bypasses my security logic.



There are other methods which do sign a transaction with the private key, but the fact that the send method is open for bypassing the business logic, seems like a big security concern.



As I missing something?







share|improve this question


















  • 1




    You are missing the fact that your contract_owner_address is unlocked on the Ethereum node that you are connected to. Either you are (unknowingly) unlocking it in your code, or the node is (unknowingly) unlocking it for you.
    – goodvibration
    Sep 2 at 17:38















up vote
1
down vote

favorite












I'm building an ERC20 smart contract which will be accessed via node.js with web3 library.
I see that web3.eth.Contract has the send function, which takes the parameter from, which is being mapped to the msg.sender in the smart contract.
As far as I understand (and my debugging supports that), I can change the from field to just about any address, and by that bypass the business logic of the contract, e.g



token.methods.method_only_owner_can_activate(<some_data>).send( from: <contract_owner_address>, <gas> );


or even set the owner:



token.methods.setOwner(<my_not_owner_address>).send( from: <contract_owner_address>, <gas> );


since the address should be public, any user can create a process which mimics this behaveiour and bypasses my security logic.



There are other methods which do sign a transaction with the private key, but the fact that the send method is open for bypassing the business logic, seems like a big security concern.



As I missing something?







share|improve this question


















  • 1




    You are missing the fact that your contract_owner_address is unlocked on the Ethereum node that you are connected to. Either you are (unknowingly) unlocking it in your code, or the node is (unknowingly) unlocking it for you.
    – goodvibration
    Sep 2 at 17:38













up vote
1
down vote

favorite









up vote
1
down vote

favorite











I'm building an ERC20 smart contract which will be accessed via node.js with web3 library.
I see that web3.eth.Contract has the send function, which takes the parameter from, which is being mapped to the msg.sender in the smart contract.
As far as I understand (and my debugging supports that), I can change the from field to just about any address, and by that bypass the business logic of the contract, e.g



token.methods.method_only_owner_can_activate(<some_data>).send( from: <contract_owner_address>, <gas> );


or even set the owner:



token.methods.setOwner(<my_not_owner_address>).send( from: <contract_owner_address>, <gas> );


since the address should be public, any user can create a process which mimics this behaveiour and bypasses my security logic.



There are other methods which do sign a transaction with the private key, but the fact that the send method is open for bypassing the business logic, seems like a big security concern.



As I missing something?







share|improve this question














I'm building an ERC20 smart contract which will be accessed via node.js with web3 library.
I see that web3.eth.Contract has the send function, which takes the parameter from, which is being mapped to the msg.sender in the smart contract.
As far as I understand (and my debugging supports that), I can change the from field to just about any address, and by that bypass the business logic of the contract, e.g



token.methods.method_only_owner_can_activate(<some_data>).send( from: <contract_owner_address>, <gas> );


or even set the owner:



token.methods.setOwner(<my_not_owner_address>).send( from: <contract_owner_address>, <gas> );


since the address should be public, any user can create a process which mimics this behaveiour and bypasses my security logic.



There are other methods which do sign a transaction with the private key, but the fact that the send method is open for bypassing the business logic, seems like a big security concern.



As I missing something?









share|improve this question













share|improve this question




share|improve this question








edited Sep 2 at 17:50

























asked Sep 2 at 17:17









Achi Even-dar

62




62







  • 1




    You are missing the fact that your contract_owner_address is unlocked on the Ethereum node that you are connected to. Either you are (unknowingly) unlocking it in your code, or the node is (unknowingly) unlocking it for you.
    – goodvibration
    Sep 2 at 17:38













  • 1




    You are missing the fact that your contract_owner_address is unlocked on the Ethereum node that you are connected to. Either you are (unknowingly) unlocking it in your code, or the node is (unknowingly) unlocking it for you.
    – goodvibration
    Sep 2 at 17:38








1




1




You are missing the fact that your contract_owner_address is unlocked on the Ethereum node that you are connected to. Either you are (unknowingly) unlocking it in your code, or the node is (unknowingly) unlocking it for you.
– goodvibration
Sep 2 at 17:38





You are missing the fact that your contract_owner_address is unlocked on the Ethereum node that you are connected to. Either you are (unknowingly) unlocking it in your code, or the node is (unknowingly) unlocking it for you.
– goodvibration
Sep 2 at 17:38











3 Answers
3






active

oldest

votes

















up vote
2
down vote













The web3 library creates a transaction that needs to be signed by the account specified in from. It is signed either by talking to a local node which has the private key to that account and currently has it unlocked, or by a piece of software like Metamask which controls that private key and only signs the transaction if the user confirms.



It is not possible to send a valid (signed) transaction without the private key of the account in the from field.






share|improve this answer



























    up vote
    1
    down vote













    The msg.sender property can't be faked - at least to the extent that someone can't create a transaction with a msg.sender which isn't an address they own.



    Whatever security measures you have in your contract, you can rely on the fact that the msg.sender address is the person making the transaction.






    share|improve this answer



























      up vote
      1
      down vote













      Any transaction to an actual Ethereum blockchain needs to be signed with a private key.



      For the above code to work (just supplying a from address), the node you're connected to must be doing the signing for you. As long as the from address is "unlocked" in that node (the default under a test network like ganache or done explicitly using a normal node like geth or Parity), it's able to sign the transaction with that key and send it.



      In a real-world situation, users of your app wouldn't be connected to a node that had your private key, so this is not a concern.






      share|improve this answer




















        Your Answer







        StackExchange.ready(function()
        var channelOptions =
        tags: "".split(" "),
        id: "642"
        ;
        initTagRenderer("".split(" "), "".split(" "), channelOptions);

        StackExchange.using("externalEditor", function()
        // Have to fire editor after snippets, if snippets enabled
        if (StackExchange.settings.snippets.snippetsEnabled)
        StackExchange.using("snippets", function()
        createEditor();
        );

        else
        createEditor();

        );

        function createEditor()
        StackExchange.prepareEditor(
        heartbeatType: 'answer',
        convertImagesToLinks: false,
        noModals: false,
        showLowRepImageUploadWarning: true,
        reputationToPostImages: null,
        bindNavPrevention: true,
        postfix: "",
        onDemand: true,
        discardSelector: ".discard-answer"
        ,immediatelyShowMarkdownHelp:true
        );



        );













         

        draft saved


        draft discarded


















        StackExchange.ready(
        function ()
        StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fethereum.stackexchange.com%2fquestions%2f57934%2fhow-come-web3-send-does-not-require-a-private-key-or-signature%23new-answer', 'question_page');

        );

        Post as a guest






























        3 Answers
        3






        active

        oldest

        votes








        3 Answers
        3






        active

        oldest

        votes









        active

        oldest

        votes






        active

        oldest

        votes








        up vote
        2
        down vote













        The web3 library creates a transaction that needs to be signed by the account specified in from. It is signed either by talking to a local node which has the private key to that account and currently has it unlocked, or by a piece of software like Metamask which controls that private key and only signs the transaction if the user confirms.



        It is not possible to send a valid (signed) transaction without the private key of the account in the from field.






        share|improve this answer
























          up vote
          2
          down vote













          The web3 library creates a transaction that needs to be signed by the account specified in from. It is signed either by talking to a local node which has the private key to that account and currently has it unlocked, or by a piece of software like Metamask which controls that private key and only signs the transaction if the user confirms.



          It is not possible to send a valid (signed) transaction without the private key of the account in the from field.






          share|improve this answer






















            up vote
            2
            down vote










            up vote
            2
            down vote









            The web3 library creates a transaction that needs to be signed by the account specified in from. It is signed either by talking to a local node which has the private key to that account and currently has it unlocked, or by a piece of software like Metamask which controls that private key and only signs the transaction if the user confirms.



            It is not possible to send a valid (signed) transaction without the private key of the account in the from field.






            share|improve this answer












            The web3 library creates a transaction that needs to be signed by the account specified in from. It is signed either by talking to a local node which has the private key to that account and currently has it unlocked, or by a piece of software like Metamask which controls that private key and only signs the transaction if the user confirms.



            It is not possible to send a valid (signed) transaction without the private key of the account in the from field.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Sep 2 at 17:32









            Edmund Edgar

            13.2k11438




            13.2k11438




















                up vote
                1
                down vote













                The msg.sender property can't be faked - at least to the extent that someone can't create a transaction with a msg.sender which isn't an address they own.



                Whatever security measures you have in your contract, you can rely on the fact that the msg.sender address is the person making the transaction.






                share|improve this answer
























                  up vote
                  1
                  down vote













                  The msg.sender property can't be faked - at least to the extent that someone can't create a transaction with a msg.sender which isn't an address they own.



                  Whatever security measures you have in your contract, you can rely on the fact that the msg.sender address is the person making the transaction.






                  share|improve this answer






















                    up vote
                    1
                    down vote










                    up vote
                    1
                    down vote









                    The msg.sender property can't be faked - at least to the extent that someone can't create a transaction with a msg.sender which isn't an address they own.



                    Whatever security measures you have in your contract, you can rely on the fact that the msg.sender address is the person making the transaction.






                    share|improve this answer












                    The msg.sender property can't be faked - at least to the extent that someone can't create a transaction with a msg.sender which isn't an address they own.



                    Whatever security measures you have in your contract, you can rely on the fact that the msg.sender address is the person making the transaction.







                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered Sep 2 at 17:24









                    AnAllergyToAnalogy

                    1,684215




                    1,684215




















                        up vote
                        1
                        down vote













                        Any transaction to an actual Ethereum blockchain needs to be signed with a private key.



                        For the above code to work (just supplying a from address), the node you're connected to must be doing the signing for you. As long as the from address is "unlocked" in that node (the default under a test network like ganache or done explicitly using a normal node like geth or Parity), it's able to sign the transaction with that key and send it.



                        In a real-world situation, users of your app wouldn't be connected to a node that had your private key, so this is not a concern.






                        share|improve this answer
























                          up vote
                          1
                          down vote













                          Any transaction to an actual Ethereum blockchain needs to be signed with a private key.



                          For the above code to work (just supplying a from address), the node you're connected to must be doing the signing for you. As long as the from address is "unlocked" in that node (the default under a test network like ganache or done explicitly using a normal node like geth or Parity), it's able to sign the transaction with that key and send it.



                          In a real-world situation, users of your app wouldn't be connected to a node that had your private key, so this is not a concern.






                          share|improve this answer






















                            up vote
                            1
                            down vote










                            up vote
                            1
                            down vote









                            Any transaction to an actual Ethereum blockchain needs to be signed with a private key.



                            For the above code to work (just supplying a from address), the node you're connected to must be doing the signing for you. As long as the from address is "unlocked" in that node (the default under a test network like ganache or done explicitly using a normal node like geth or Parity), it's able to sign the transaction with that key and send it.



                            In a real-world situation, users of your app wouldn't be connected to a node that had your private key, so this is not a concern.






                            share|improve this answer












                            Any transaction to an actual Ethereum blockchain needs to be signed with a private key.



                            For the above code to work (just supplying a from address), the node you're connected to must be doing the signing for you. As long as the from address is "unlocked" in that node (the default under a test network like ganache or done explicitly using a normal node like geth or Parity), it's able to sign the transaction with that key and send it.



                            In a real-world situation, users of your app wouldn't be connected to a node that had your private key, so this is not a concern.







                            share|improve this answer












                            share|improve this answer



                            share|improve this answer










                            answered Sep 2 at 17:24









                            smarx

                            16.1k1515




                            16.1k1515



























                                 

                                draft saved


                                draft discarded















































                                 


                                draft saved


                                draft discarded














                                StackExchange.ready(
                                function ()
                                StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fethereum.stackexchange.com%2fquestions%2f57934%2fhow-come-web3-send-does-not-require-a-private-key-or-signature%23new-answer', 'question_page');

                                );

                                Post as a guest













































































                                Comments

                                Popular posts from this blog

                                What does second last employer means? [closed]

                                Installing NextGIS Connect into QGIS 3?

                                One-line joke