Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Module implementing the Ethereum ABI in Javascript. Can be used with RPC libraries for communication or with ethereumjs-vm to implement a fully fledged simulator.
There are three methods of interest:
methodID
to create a function signaturerawEncode
to encode fields andrawDecode
to decode fieldsExample code:
var abi = require('ethereumjs-abi')
// returns the encoded binary (as a Buffer) data to be sent
var encoded = abi.rawEncode([ "address" ], [ "0x0000000000000000000000000000000000000000" ])
// returns the decoded array of arguments
var decoded = abi.rawDecode([ "address" ], data)
Planned for the future is supporting the JSON ABI definition:
var abi = require('ethereumjs-abi')
// need to have the ABI definition in JSON as per specification
var tokenAbi = [{"constant":true,"inputs":[{"name":"","type":"address"}],"name":"balanceOf","outputs":[{"name":"","type":"uint256"}],"type":"function"},{"constant":false,"inputs":[{"name":"_to","type":"address"},{"name":"_value","type":"uint256"}],"name":"transfer","outputs":[{"name":"success","type":"bool"}],"type":"function"},{"inputs":[],"type":"constructor"}]
var encoded = abi.encode(tokenAbi, "balanceOf(uint256 address)", [ "0x0000000000000000000000000000000000000000" ])
var decoded = abi.decode(tokenAbi, "balanceOf(uint256 address)", data)
var abi = require('ethereumjs-abi')
// returns the encoded binary (as a Buffer) data to be sent
var encoded = abi.simpleEncode("balanceOf(address):(uint256)", "0x0000000000000000000000000000000000000000")
// returns the decoded array of arguments
var decoded = abi.simpleDecode("balanceOf(address):(uint256)", data)
This library also supports creating Solidity's tightly packed data constructs, which are used together with sha3
, sha256
and ripemd160
to create hashes.
Solidity code:
contract HashTest {
function testSha3() returns (bytes32) {
address addr1 = 0x43989fb883ba8111221e89123897538475893837;
address addr2 = 0;
uint val = 10000;
uint timestamp = 1448075779;
return sha3(addr1, addr2, val, timestamp); // will return 0xc3ab5ca31a013757f26a88561f0ff5057a97dfcc33f43d6b479abc3ac2d1d595
}
}
Creating the same hash using this library:
var abi = require('ethereumjs-abi')
var BN = require('bn.js')
abi.soliditySHA3(
[ "address", "address", "uint", "uint" ],
[ new BN("43989fb883ba8111221e89123897538475893837", 16), 0, 10000, 1448075779 ]
).toString('hex')
For the same data structure:
0xc3ab5ca31a013757f26a88561f0ff5057a97dfcc33f43d6b479abc3ac2d1d595
0x344d8cb0711672efbdfe991f35943847c1058e1ecf515ff63ad936b91fd16231
0x000000000000000000000000a398cc72490f72048efa52c4e92067e8499672e7
(NOTE: it is 160bits, left padded to 256bits)Note that ripemd160()
in Solidity returns bytes20 and if you cast it to bytes32, it will be right padded with zeroes.
Serpent uses a different notation for the types, even though it will serialize to the same ABI.
We provide two helpers to convert between these notations:
fromSerpent
: convert a Serpent notation to the ABI notationtoSerpent
: the other way aroundExample usage:
abi.fromSerpent('s') // [ 'bytes' ]
abi.fromSerpent('i') // [ 'int256' ]
abi.fromSerpent('a') // [ 'int256[]' ]
abi.fromSerpent('b8') // [ 'bytes8' ]
abi.fromSerpent('b8i') // [ 'bytes8', 'int256' ]
abi.toSerpent([ 'bytes' ]) // 's'
abi.toSerpent([ 'int256' ]) // 'i'
abi.toSerpent([ 'int256[]' ]) // 'a'
abi.toSerpent([ 'bytes8' ]) // 'b8'
abi.toSerpent([ 'bytes8', 'int256' ]) // 'b8i'
It is to be used in conjunction with rawEncode
and rawDecode
:
var encoded = abi.rawEncode(abi.fromSerpent("i"), [ "0x0000000000000000000000000000000000000000" ])
var decoded = abi.rawDecode([...abi.fromSerpent("i"), ...abi.fromSerpent("i")], data)
Note: Serpent uses arbitary binary fields. If you want to store strings it is preferable to ensure it is stored as UTF8. Buffer.from(<string>, 'utf8')
can be used to ensure it is properly encoded.
I am more than happy to receive improvements. Please send me a pull request or reach out on email or twitter.
There is a lot missing, grep for FIXME in the source code to find inspiration.
See our organizational documentation for an introduction to EthereumJS
as well as information on current standards and best practices.
If you want to join for work or do improvements on the libraries have a look at our contribution guidelines.
Copyright (C) 2015 Alex Beregszaszi
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Decoder and encoder for the Conflux ABI
We found that @cfxjs/abi demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.