
Verifying flows in Corda


How does a notary/node verify that a specific flow has been called when it receives the transaction?

Does this mean Corda can guarantee that the flow has not been modified from what was stated in the corresponding Cordapp?


Solution

  • In detail:

    1. It's a DLT (Distributed Ledger Technology), so in a sense, you can't really trust anyone.
    2. The notary doesn't receive flows, it receives transactions and makes sure that there is no double-spend (i.e. consumed inputs are not being consumed again).
    3. Even if you gave a node your CorDapp, it can override the responder flow. See links below.
    4. Wrong assumptions about responder flows: https://www.corda.net/blog/corda-flow-responder-wrong-assumptions/
    5. Configuring responder flows: https://docs.corda.net/flow-overriding.html
    6. Overriding flows from external CorDapps: https://dzone.com/articles/extending-and-overriding-flows-from-external-corda
    7. When you send and receive data between an initiator and its responders, the received data (on both ends) is considered untrusted; you must unwrap it and validate it: https://docs.corda.net/api-flows.html#receive

    So in short:

    1. Your initiator must validate any received data from the responder(s).
    2. Your responder must validate any received data from the initiator; plus, if you expect the initiator to be a certain entity, you must validate that the counterparty (that sent you the flow session) is who you expect it to be (e.g. `flowSession.counterparty == "O=Good Org, L=London, C=UK"`).
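
The two checks summarised above, as an added Kotlin sketch that is not part of the original answer or Corda's own code: the responder pins the session's counterparty to an expected X.500 name, and both sides validate received data inside `unwrap`. The flow names, the amount limit and the `GB` identity are assumptions made for illustration.

```kotlin
import co.paralleluniverse.fibers.Suspendable
import net.corda.core.flows.FlowException
import net.corda.core.flows.FlowLogic
import net.corda.core.flows.FlowSession
import net.corda.core.flows.InitiatedBy
import net.corda.core.flows.InitiatingFlow
import net.corda.core.identity.CordaX500Name
import net.corda.core.identity.Party
import net.corda.core.utilities.unwrap

// Hypothetical flows; class names, MAX_AMOUNT and the identity are assumptions.
@InitiatingFlow
class QuoteRequestFlow(private val responder: Party, private val amount: Long) : FlowLogic<String>() {
    @Suspendable
    override fun call(): String {
        val session = initiateFlow(responder)
        // The reply is UntrustedData: the peer may be running an overridden responder.
        return session.sendAndReceive<String>(amount).unwrap { reply ->
            if (reply != "ACCEPTED" && reply != "REJECTED")
                throw FlowException("Unexpected reply from ${session.counterparty.name}")
            reply
        }
    }
}

@InitiatedBy(QuoteRequestFlow::class)
class QuoteResponderFlow(private val session: FlowSession) : FlowLogic<Unit>() {
    private companion object {
        // Constructed identity: the only initiator this responder will serve.
        val EXPECTED_INITIATOR = CordaX500Name(organisation = "Good Org", locality = "London", country = "GB")
        const val MAX_AMOUNT = 1_000_000L
    }

    @Suspendable
    override fun call() {
        // Compare the structured X.500 name of the session's peer, not a raw string.
        if (session.counterparty.name != EXPECTED_INITIATOR)
            throw FlowException("Initiator ${session.counterparty.name} is not authorised")
        // Reject malformed input inside unwrap, before any business logic sees it.
        val amount = session.receive<Long>().unwrap { value ->
            if (value <= 0) throw FlowException("Amount must be positive: $value")
            value
        }
        session.send(if (amount <= MAX_AMOUNT) "ACCEPTED" else "REJECTED")
    }
}
```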