Ledger: Add Data Validation

[ericpassmore]

Validate data for all known calls, check to make sure no extra data included.

Data Validation Todo List

Based on analysis of eos_stream.c, here are all known actions that need data validation:

Token Actions

• ✅ TOKEN_TRANSFER_ACTION (transfer) - eosio.token and core.vaulta contracts
  • Already has validation via isTransferDataValid() function
  • Used in lines 338, 417, 852-854
• ✅ VAULTA_SWAPTO_ACTION (swapto) - core.vaulta contract
  • Processed by processTokenTransfer() function
  • Used in lines 320, 401, 842-844

EOSIO System Actions (eosio and core.vaulta contracts)

• DELEGATEBW_ACTION (delegatebw)
  • Processed by processEosioDelegate() function
  • Used in lines 345, 423, 859
• UNDELEGATEBW_ACTION (undelegatebw)
  • Processed by processEosioUndelegate() function
  • Used in lines 348, 424, 862
• VOTEPRODUCER_ACTION (voteproducer)
  • Processed by processEosioVoteProducer() function
  • Used in lines 363, 429, 868
• BUYRAM_ACTION (buyram)
  • Processed by processEosioBuyRam() function
  • Used in lines 354, 426, 871
• BUYRAM_ACTIONBYTES (buyrambytes)
  • Processed by processEosioBuyRam() function
  • Used in lines 357, 427, 872
• SELLRAM_ACTION (sellram)
  • Processed by processEosioSellRam() function
  • Used in lines 360, 428, 875
• UPDATE_AUTH_ACTION (updateauth)
  • Processed by processEosioUpdateAuth() function
  • Used in lines 366, 430, 878
• DELETE_AUTH_ACTION (deleteauth)
  • Processed by processEosioDeleteAuth() function
  • Used in lines 369, 431, 881
• REFUND_ACTION (refund)
  • Processed by processEosioRefund() function
  • Used in lines 351, 425, 865
• LINK_AUTH_ACTION (linkauth)
  • Processed by processEosioLinkAuth() function
  • Used in lines 372, 432, 884
• UNLINK_AUTH_ACTION (unlinkauth)
  • Processed by processEosioUnlinkAuth() function
  • Used in lines 375, 433, 887
• NEW_ACCOUNT_ACTION (newaccount)
  • Processed by processEosioNewAccountAction() function
  • Used in lines 378, 434, 890

State-Neutral Actions

• ✅ NOOP_ACTION (noop) - null.vaulta contract
  • Processed by processNoOperation() function
  • Used in lines 330, 409, 847
• ✅ IDENTITY (identity) - 0x00 contract
  • Processed by processNoOperation() function
  • Used in lines 331, 410, 849

Implementation Notes

• Each action needs a corresponding data validation function similar to isTransferDataValid()
• Validation should check for exact expected data size and structure
• Actions are defined as constants in lines 38-55 of eos_stream.c
• Contract owners are defined in lines 31-35
• The isKnownAction() function (lines 397-439) determines which actions are recognized
• Data validation should prevent extra data from being included in action payloads

Progress

Completed: 1/16 actions (6.25%)

• ✅ TOKEN_TRANSFER_ACTION (transfer)

Remaining: 15/16 actions (93.75%)

[ericpassmore]

Restrict transfer to know accounts.

[ericpassmore]

Completed: 4/16 actions (25%)

• ✅ TOKEN_TRANSFER_ACTION (transfer) - eosio.token and core.vaulta contracts
• ✅ VAULTA_SWAPTO_ACTION (swapto) - core.vaulta contract
• ✅ NOOP_ACTION (noop) - null.vaulta contract
• ✅ IDENTITY (identity) - 0x00 contract

Remaining: 11/16 actions (75%)

[ericpassmore]

postponing due to change in priorities.