
How to validate the jetton while transferring?


The jetton-wallet implementation has this transfer_notification:

https://github.com/ton-blockchain/token-contract/blob/main/ft/jetton-wallet.fc

var msg_body = begin_cell()
    .store_uint(op::transfer_notification(), 32)
    .store_uint(query_id, 64)
    .store_coins(jetton_amount)
    .store_slice(from_address)
    .store_slice(either_forward_payload)
    .end_cell();

msg_body is sent as the message to owner_address; no jetton_master_address data is transferred.

So, when the owner (smart contract) catches the message and reads the data, the code to read the info looks like this:

  if (op == op::transfer_notification()) {
    throw_unless(error::invalid_address(), equal_slices(sender_address, jetton_wallet));
    int jetton_amount = in_msg_body~load_coins();
    throw_if(error::insufficient_jetton_amount(), jetton_amount <= 0);
    slice from_address = in_msg_body~load_msg_addr();
    slice payload = in_msg_body;
    int either_payload = payload~load_uint(1);
    if (either_payload) {
      slice payload = payload.preload_ref().begin_parse();
    }

The question is

How to identify the jetton? How to validate the info? There is no jetton metadata information. It looks like a hacker can send a TVM inner message in order to steal the jettons? Is it possible to transfer several types of jettons? It looks like I don't understand something.


Solution

  • I found it's hard to verify the jetton on-chain too. From the official docs, it can be done off-chain:

    1. Retrieve the Jetton master address for the new Jetton wallet by getting wallet data.
    2. Retrieve the Jetton wallet address for the wallet address (as an owner) using the Jetton master contract.
    3. Compare the address returned by the master contract and the actual address of the wallet token. If they match, it’s ideal. If not, then you likely received a scam token that is counterfeit.

    But it seems to be hard to do so given we only have the sender address and the receiver's jetton wallet address. Unless you have the exact jetton master code data and can calculate it on-chain, you won't be able to achieve it as far as I know.
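
The three off-chain steps quoted in the answer, as an added example (not code from the question, the answer or the TON docs). `get_wallet_data` and `get_wallet_address` are the standard jetton get-methods; the `run_get` transport, the dict-shaped results, the `expected_master` parameter and every address are assumptions constructed for the example. It goes one step beyond the quoted procedure by also comparing the master with the jetton you expect.

```python
# Added example: off-chain jetton wallet check. `run_get` is an assumed
# transport that executes a get-method; results are simplified to dicts.

def verify_jetton_wallet(run_get, wallet, owner, expected_master):
    """Return (ok, reason) for the jetton wallet that sent transfer_notification."""
    # Step 1: ask the wallet which master (and owner) it claims.
    data = run_get(wallet, "get_wallet_data", ())
    if data["owner"] != owner:
        return False, "wallet belongs to another owner"
    claimed_master = data["jetton_master"]
    # Step 2: ask that master which wallet it derives for this owner.
    derived = run_get(claimed_master, "get_wallet_address", (owner,))["address"]
    # Step 3: a wallet can claim any master, so the master must agree.
    if derived != wallet:
        return False, "counterfeit: claimed master derives a different wallet"
    # Beyond the quoted steps: a scam jetton with its own master passes step 3,
    # so the master itself must be the jetton you expect.
    if claimed_master != expected_master:
        return False, "consistent wallet, but of a different jetton"
    return True, "ok"

# Constructed chain state (placeholder addresses, not real contracts).
OWNER = "addr:owner-contract"
REAL_MASTER, SCAM_MASTER = "addr:real-master", "addr:scam-master"
CHAIN = {
    "addr:real-wallet": {"jetton_master": REAL_MASTER, "owner": OWNER},
    "addr:spoof-wallet": {"jetton_master": REAL_MASTER, "owner": OWNER},  # lies
    "addr:scam-wallet": {"jetton_master": SCAM_MASTER, "owner": OWNER},
    REAL_MASTER: {"wallets": {OWNER: "addr:real-wallet"}},
    SCAM_MASTER: {"wallets": {OWNER: "addr:scam-wallet"}},
}

def fake_run_get(address, method, args):
    """Stand-in for a real API client, answering from CHAIN."""
    state = CHAIN[address]
    if method == "get_wallet_data":
        return {"jetton_master": state["jetton_master"], "owner": state["owner"]}
    if method == "get_wallet_address":
        return {"address": state["wallets"][args[0]]}
    raise ValueError(f"unknown get-method {method}")

def demo():
    return {w: verify_jetton_wallet(fake_run_get, w, OWNER, REAL_MASTER)
            for w in ("addr:real-wallet", "addr:spoof-wallet", "addr:scam-wallet")}

if __name__ == "__main__":
    for wallet, verdict in demo().items():
        print(wallet, verdict)
```
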