Corda Data Tampering Issue

Question

Background: We learned that corda is not tamper-proof but tamper-evident. So, if one of the node manipulated a state directly in the database, other nodes w

Answer 1

I'm afraid this discussion may take a while because most of us are off on holiday from this afternoon.

We'll have a go at replicating what you did here. However it's not clear to me that this is a bug.

You say you commented out the contract validation logic. It sounds like what may have happened is this:

1. Edit the states table to hold a corrupted state.
2. Build a transaction with INPUT=pointer to previous correct state. OUTPUT=(corrupted state)+edit to hold new owner field.
3. This transaction is now signed and transferred.

This transaction would have been considered invalid and rejected when the transfer to Party C is attempted, because it'd be an illegal state transition: the numbers do not balance. But you commented out the code that checks for that! So nothing anywhere is saying you aren't allowed to simply change the size of an obligation whenever you like ... Corda doesn't know that implicitly if you comment out the code that contains this knowledge. Thus from the IOU app's perspective changing the size as you transfer it is now a perfectly legitimate thing to do.

Here's the question - if you leave the app alone and don't modify its source code, is the tampering detected? If the answer is still "no" then we have some more investigation to do.