►
From YouTube: TokenScript Weekly Meeting 20200423
Description
00:10:48 weiwu: https://community.tokenscript.org/t/attribute-as-contract-ref-does-not-resolve/355
A
B
B
B
B
B
Hello
Bowie
and
the
Brawn
about
bone,
you
silenced.
So
if
you,
if
you
want
to,
if
I,
wanted
to
speak
to
me,
Boone
just
type
alright
well
yeah
but
Boone,
is
it
doesn't
have
a
microphone
under
him.
Happy
talking,
everybody
like
I
do
now.
Okay,
now,
and
so
the
first
topic
is
not
only
as
it
is,
and
you
know
previously.
We
have
a
theorem
tag
that
has
a
dance
service,
multiple,
if
they're
an
element
in
cocoa
service,
multiple
purposes,
it's
either
sir
inserts
for
calling
a
trance
making
a
transaction.
B
It
serves
getting
a
tribute
from
me
theorem
as
well
as
get
him.
He
meant
for
me
theorem,
as
well
as
defining
a
smart
contract
address.
So
the
reason
I
use
one
single
element,
Cody
theorem
for
all
these
purposes
is
because
I
originally
intended
to
be
in
under
a
Baris
different
elements
and
there,
if
you're
in
Lane
space,
and
at
that
time
we
didn't
have
time
to
to
all
reorganize
it
into
namespace.
B
So,
given
that
the
the
main
mark
schema
hasn't
been
implemented
for
in
April
and
probably
will
be
amazed
at
I
wish
to
change
this,
if
there
are
monuments
in
to
their
corresponding
elements,
which
would
be
following
if
it's
an
event,
it's
going
to
be
theorem
double
colon
colon
common
event
and
if
it's
a
core
to
a
pure
or
view
function,
is
going
to
be
a
theorem
column
core.
And
if
it's
going
to
be
other
progresses,
it's
going
to
be
corresponding
different
stuff
yeah.
A
Just
a
question
on
one
of
them:
you
said
aetherium
event
as
in,
if
there's
an
event
declared
in
Tokyo
script,
it
can
only
be
defined
as
coming
from
a
theorem.
Is
there
ever?
Is
that
how
I've
understood
it,
and
and
is
there
a
possibility
that
events
can
be
sourced
from
somewhere
else
relevant
your
tokens
yeah.
B
Learnability
heard
or
saw
the
people
coming
from
easier,
they
say
an
event,
but
it's
not
in
theory
event.
So
I
use
that
word
activity
as
the
name
of
the
card,
and
that
is
an
if
you
have
activity
card,
then
it
may
may
be
corresponding
to
a
theorem
kohonen
event.
What
made
a
corresponds
to,
for
example,
something
linked
in
magic
link.
So
imagine
thing,
for
example,
can
say
that
this
link
expires
on
by
tomorrow
and
that
that
that
would
result
in
the
activity.
A
No
I
wasn't
saying
activity.
I
was
specifically
referring
to
event
so
yeah.
So
if
there's
an
event
sauce
from
aetherium
that
makes
sense
because
you've
got
etherium,
scoping
or
event
scoped
within
a
theorem
and
we'll
a
token
yeah.
It's
just
exercising
entertaining
that
thought,
as
I
took
an
issuer
ever
needing
to
create
an
event
to
say
you
know,
event
castled
Oh,
second
event,
event
yeah,
the
the
thing
that's
happening
has
been
canceled
the
thing
you
had
a
two
four
is
canceled,
so
that
is
like
a
notification
or
an
activity,
but
it's
yeah.
B
A
B
A
B
B
B
C
C
B
C
B
C
C
B
C
C
A
F
A
B
B
B
B
G
B
B
B
C
Yeah
yeah
yeah
see
what
you
mean
yeah,
because
you
can't
it's
to
do
with
the
language.
Pausing
yeah.
B
Yeah,
so
so
my
thinking
here
is
shower
trust.
This
you
search
or
share
whitelist
amuse
dead.
So
shall
we
allow
this
sheet
to
be
used,
as
is
all
the
way
white
lists
list
of
contracts
in
the
script
header
so
that
if
the
return
value
is
not
within
the
range
of
addresses-
and
it's
not
considered
trusted,
because
this
looks
look
dangerous
but
I,
don't
know
how
to
word
yeah
a
below
especially
overprotective,.
B
B
So
what
I'm
proposing
is
either
we
implement
this
post,
the
the
syntax
introduced
in
this
post.
This
is
bison
Valley
or
that
we
create
a
contract
definition
which
is
called
leading
lending
for
addresses,
inside
of
which
there
are
10,000
dresses,
which
has
impossible
or
possible
and
impose
the
lending
for
dresses
and
then,
if
the
contract,
if
the
actual
contact
refers
to
one
of
the
dresses
image
as
validations
out
there,
then
token
script
is
dealing
with
our
knowing
contract.
B
B
E
One
thing
also
to
note
is
that
you
see
for
it
to
be
able
to
take
your
funds
for
any
any
essential
transaction
like
deposit
which
moves
money
requires
that
you
have
had
approved
the
function
that
you
that
it's
taking
from.
So
if
someone
put
a
fake
address
in
and
it
was
doing
something
errand
ball,
a
coin
being
transferred,
it
would
fail
unless
they
had
already
pre-authorized
it.
C
C
Yeah,
okay,
so
basically
which
so
let
me
just
make
sure
that
I
understand
this
correctly.
We're
using
a
contract
address,
that's
being
generated
from.
If
you
scroll
up
a
bit,
it's
grown
up
a
bit.
It's
been
generated
from
yeah
this
actually
here
lending
pool
address,
which
is
a
function
which
is
the
routier.
The
return
of
this
get
them
home
function,
yeah
that
seems
reasonable
and,
like
James
said
they're
saying
it
has
its
own
safeguards
on.
E
B
B
D
C
Was
the
other
that
was
the
only
thing
that
I
was
thinking
as
well?
We're
gonna
have
to
it's
going
to
have
to
deliver
this
of
infrastructure
and
change
to
accommodate
this.
So.
B
If
somebody
wants
to
create
a
fake
transcript
in
order
for
you
to
send
transaction
to
come
to
Kitty
and
move
all
the
monies
away
from
could
go
kitty
and
all
he
has
to
do
is
first
have
write
a
new
smart
contract
and
then
use
does
not
contract
to
entrust
so
good
script.
Now,
how
does
the
user
trust
that
smart
contract
and
token
script?
We
simply
suppose
that
this
is
a
B'nai
smart
contract
called
and
called
coin
toss?
B
A
A
A
B
A
B
Which
we
didn't
yeah
yeah,
the
same
parent-
you
are
thinking
not
back
back
to
this
one.
The
tech
model
is
to
create
a
benign
token
called
coin,
tossing,
create
token
script
for
that
allowed
users
to
toss
coin
and
in
fact,
that
smart
contract
returns
the
address
of
another
contract
which
is
crypto
PT
and
take
you
this
money
away
for
the
kiddies
away.
C
Then
can
we
can
we
say
if
it's,
whichever
contract,
it's
calling
we'll
try
and
establish
what
what
that
contract
is
nicer
as
to
restriction
because
learn
what.
B
The
contract
relationship,
so
what
we
could
do
here
is
we
accept
this
behavior,
but
in
a
really
rudimentary
way
and
in
reviewing
I
really
hate.
That
is.
We
display
message
saying
that
your
token
script
is
interesting
on
knowing
contract.
Do
you
want
to
go
out?
Nobody
will
understand
what
it
means,
but
it
will.
E
E
B
B
C
Aave
AAV
Finance
think
that
interest-bearing
credit
or
whatever
wouldn't
change
so.
C
B
Okay,
sankunni
there's
no
problem,
trusting
that
an
interest-bearing
bond
is
always
returning
the
correct
lending
to
address.
That's
not
the
concern.
The
concern
is
another
token
script.
Another
contract
called
coin
tossing
and
twice
the
fun,
which
is
a
new
game
and
a
new
token
actually
returns
address.
What
of
this
one
and
takes
the
users
money
from
the
lending
pool.
B
B
A
To
rephrase
the
exploit
so
if
I've
a
contract
calls
to
the
Ave
contractor
trusted
and
if
you
call
ending
pool
address
and
get
another
address,
if
you
pass
that
trust
on
to
the
returned
address
and
then
I
can
call
that
address
freely.
If
that's
the
proposition,
then
a
possible
exploit
is
another
contract.
Call
it
game.
Token
can
say:
hey
game
token,
get
me
my
player
token,
and
with
that
address
it
can
call
things
freely
on
it.
A
C
You,
if
you're,
if
you're,
calling
a
contract
from
another
contract,
does
it
take
I
thought
it
took
the
the
most
immediate
contract
as
the
address,
rather
than
the
calling
one
I'm
not
sure
how
it
works.
How
does
it
work
in.
C
B
B
C
B
For
someone
and
then
the
coin-tossing
one
simply
says
that
it
returns
a
contract
address
which
is
which
is
not
even
written
by
him,
which
is
the
rabdi
third
master,
contrary
dress,
and
then
it
helps
you
to
construct
the
transaction
because
for
all
your
appease
their
way,
there's
no
approval
approving
well
doing
this,
but
then
that's
a
try.
It's
from
that's
a
transfer
function.
Yes,
if
of
course
you
can
guard
it
if
you
have
the
rep
if
their
talk
is
good,
but
you.
B
The
contract
equals
contract
equals,
get
my
W
change
address,
and
this
this
is
talkin.
Javascript
is
written
for
a
B'nai
token
called
coin
tossing,
but
it
returns
in
the
contorting
contract
attribute.
It
actually
returns
that
the
address
public,
ETH
master
contract
and
then,
in
the
coin,
tossing
transaction
section,
a
transaction
portion.
It
actually
caused
the
W
th
in
contracts
transfer
and
by
default
whispered
to
the
attacker.
You.
B
E
B
A
B
Proxy,
our
proofs.
Now
then,
it's
relatively
simple,
because
W
ETH
contract
has
not
approved
coin-tossing
contract
and
to
take
users
money
away.
Even
if
the
contracts
tossing
contract
is
able
to
help
to
help
construct
the
transaction
to
remove
the
users
preferences
and
the
contract
in
turn
costs
roughly
easier.
B
D
B
Would
be
hard
to
do
it's
learnability
heard
of
because
it's
creates
one
more
reason
to
fail,
so,
but
really
what
it
works
is
that
you
declare
all
contract
and
contracts
all
the
contracts
you
are
going
to
send
transactions
to
in
the
script
that
is
called
whitelisting
and
then
you
have
your
hands.
Do
have
this
structure
that
returns
the
contract
address.
However,
if
the
contract
address
doesn't
fall
into
one
of
the
predefined
relationships,
then
it
doesn't
work.
D
D
B
C
About
this,
can
we
do
it
so
that
if
it's
on
it
behaves
differently
if
it's
on
a
test
net,
if
it's
on
a
main
net
or
possibly
you
have
a
debug
version,
can
can
real
answer.
C
C
True
but
I
think
if
there
could
be
some
kind
of
directive,
like
you
know,
like
you
know
like
in
that.
C
The
user
does,
like
Joan,
said,
says:
if
somebody,
if
some
developers
worked
on
it
and
they
deploy
it
and
then
all
of
a
sudden
doesn't
work
on
the
main
net
because
they
want
to
wear
some
difference.
So.
C
E
C
Mean
I
mean
being
the
restrictive
behavior
if
there
was
a
flag
like
a
debug
flag
or
something
in
the
script,
I
don't
know
that.
B
And
maybe
someone
can
make
a
work
out
how
landing
pod
recipe
works
and
what
a
not
even
it's
a
work
like
a
load,
the
distributor
whether
or
not
it
works
like
a
protection
mechanism,
so
that
an
new
contract
to
replace
the
old
one.
If
it's
an
food,
if
it's
like
load
balancing
this
is
full
of
addresses,
then
we're
stuck
here.
B
We
have
to
use
the
whitelisting
if
this
is
simply
a
way
to
inform
the
user
of
change
of
the
contract,
and
we
simply
can't
evaluate
that,
and
if
this
address
return
value
is
this,
this
value
this
contract,
the
function
call
return
value
is
not
equal
to
the
contract
that
is
been
defined
for
transaction.
Then
we
simply
pay
out
saying
that
this
talk
is
good,
must
be,
and.
A
A
What
we
want
is
token
scripts
talking
and
that's
great
if
we
lock
a
token
script
to
a
contract
and
then
then
we
be
interoperable
after
that,
whereas
currently
tokens
are
being
built
to
be
interoperable
at
the
smart
contract
level
already
and
we
s
trying
to
say:
hey,
don't
don't
trust
each
other
down
there
trust
each
other
up
here.
It's.
B
Interesting
design
choice,
it
there's
no
boundary
protection.
Basically,
if
you,
if
you
look
at
the
tech
surface,
there
are
so
many
attacks
is
possible
that
if
your
contract
involves
other
contracts,
but
the
user
simply
trust
the
original
contract
and
doesn't
have
to
know
nobody
audio
at
all
the
chain
of
trust,
it's
the
same
same
same
same
situation
where
DDP
security
was
not
being
being
talked
about,
because
people
simply
passed
balls
to
each
other
without
know
if
the
other
person
is
a
bad
person.
B
G
A
A
trust
relationship,
it's
perhaps
it's
worth
looking
at
more
examples
as
well.
I
mean
I,
can't
think
of
any
off
the
top
of
my
head,
but
just
to
make
sure
if
there
are
many
popular
use
cases
that
this
works
or
if
we
accept
that
those
use
cases
are
not
or
token
scripts
designed
for
just
to
have
that
data
with
us
would
be
helpful.
Yeah.
B
B
C
B
B
B
B
B
The
next
one
is
this
trivial
one
that
is,
we
don't
have
a
data
type
that
has
syntax
for
using
address.
You
know.
Sometimes
we
need
to
compare.
The
dress
is
the
same,
ignoring
the
case,
and
so
what
I
could
do
is
to
define
oh
I
D
notion,
I've,
seen
new
syntax
to
be
used
for
addresses
this.
This
is
like
you
know.
We
have
syntax
for
four
four
strains:
syntax
for
general
dejected,
generalized
harm.
We
can
add
another
syntax
for
if
you
address
so
that
case
case,
insensitive
comparison
can
be
done.
B
That's
alright,
I,
guess
and
then
there's
our
operational
tributes,
so
operational
user
is
the
concept
in
directory
service,
so
a
directory
service
server
is
where
you
have
that
objects
and
you
have
put
them
into
a
server
so
that
they
can
be
inquired
and
our
personal
attributes
about
this
data
objects.
Separation,
for
example.
When
is
this
object
created,
and
when
is
the
time
it
is
last
accessed
and
the
host
who's
the
creator
of
this
object,
so
this.
A
B
Similar
to
a
element
in
the
event
in
the
events
and
events,
that
is,
if
you
have
an
event,
then
you
will
have
all
the
event
elements.
On
top
of
that,
you
have
a
hidden
element
code
block
ID,
which
is
the
ID,
the
comedy
of
the
block
ID
of
the
event,
and
if
there's
a
way
to
get
time,
you
can
also
get
event
can't.
These
are
simply
always
surprised,
together
with
the
event
without
having
to
define
them,
and
it's
used
for
your
issues.
The
James
Jenness
I
got.
It
pointed
out
right.
B
C
Yeah
it'd
be
nice
to
get
those
kind
of
those
kind
of
details
into
the
transcript.
B
A
B
C
C
C
Email
record
function
so
visits.
So,
if
you
just
have
a
look
at
where
the
cursor
is,
you
can
see
that
there's
a
function.
Actually,
we
can't
see
it
because
it's
off
the
end
of
the
page,
yeah
okay,
so
you've
got
this
function,
text
which
is
basically
a
function
on
the
public,
resolved
a
publicly
resolved
a
contract,
and
that
contract
takes
two
parameters.
As
you
can
see
below
you
can
see
it
takes
the
Bema,
the
string,
email,
just
a
static
gram
and
a
reference
to
another
attribute,
which
is
note.
C
If
you
scroll
down
a
little
bit,
you
can
see
that
the
note
attribute
is
sourced
from
within
the
script
itself,
and
the
reason
for
that
is
because,
if
you
look
at
the
JavaScript,
you
can
see
that
it's
a
result
of
a
calculation.
So
it's
the
ENS
name,
which
itself
is
an
attribute
plus
this
price
based
mode,
which
is
just
a
static,
JavaScript
bearable.
So
what
he
does
is
he
joins
those
and
then
takes
the
main
hash
of
that
which
becomes
the
attribute
node,
which
is
then
read
in
the
attribute
above
so
his
here's,
the
catch.
C
C
So
to
get
this
the
way
that
we
did
it
was
we
needed
to
pass
a
to
passed
method
so
in
the
first
pass,
what
we're
doing
is
putting
all
the
static
attributes
in
that
we
can
get
building
the
view
so
that
the
JavaScript
is
all
is,
is
executed
and
everything's
built
up.
So
on
the
first
pass,
we
resolve
the
node
variable
and
we've
got
that
which
is
like
basically
a
32
by
hash
result.
B
C
Up
keep
going,
you
go
yeah,
yeah,
okay,
so
now
now
we've
actually
got
node
and
we
can
inject
it
into
that
attribute
and
build
run
this
function
here
and
then
we
rebuild
the
view
a
second
time,
but
this
time
email
record
can
be
resolved.
So
then
we
can
display
that
in
the
script
does
it
make
sense
and
the
really
cool
thing
is:
if
you
cache
the
results
of
their
transactions,
it
doesn't
actually
take
any
longer
for
the
view
to
resolve.
B
Finish:
okay,
so
my
recommendation
is:
can
we
do
this
in
a
similar
fashion
as
how
react
yes,
propagates
random
changes?
So
let's
say
you
are
feeling
you
are.
You
are
buying
in
ICO
you
by
nico.
After
you
have
to
fill
in
the
form
and
in
the
middle
of
which
I
say
Oh
Kota
is
filled
up.
If
not,
you
cannot
buy
the
SEO
anymore.
Therefore,
it
doesn't
make
sense
if
you
continue
and
the
this
proxy
event
can
profit
that
can
be
propagated
into
the
user
interface.
So
the
way
react
yes
is
designed
to
that's
right.
C
C
B
C
C
C
D
D
C
D
C
C
No,
no
so
so
you
render
the
view
for
your
all,
your
the
only
reason
you're
rendering
the
view
it's
because
you
want
to
execute
the
JavaScript
but
beyond
the
third.
The
first
view
render,
in
this
case,
you're
just
basically
using
that
web
view
as
a
JavaScript
virtual
machine
kind
of
thing.
Oh
yeah
you're,
not
in
you're,
only
interested
in
the
result
of
that
calculation.
C
D
C
C
Look
so
can
you
scroll
down
right
to
the
bottom
of
the
under
issue?
I've
put
everything
together,
so
you
can
see
the
full
JavaScript,
but
that's
of
interest
to
us
right.
Okay,
yes
bit
here,
so
you
can
see
when
the
token
gets
built.
C
D
D
C
So
right:
okay!
So
you,
when
you
first,
you
kind
of
had
to
build
a
dependency
graph
when
you've
passed
the
first
set
of
values.
So
when
you,
when
you
do
the
first
done
when
you're
building
the
view
I'm
guessing
that
you
have
a
routine
on
iOS
that
resolves
all
of
the
attributes,
yeah,
yes,.
D
C
So
you
mark
and
you
you
see
that
it's
a
user
input,
so
you
mark
it
as
unresolved
user
input
and
then
you
say:
okay,
we're
going
to
need
a
second
pass.
So
then
you
go
you
you
build
the
view
you
parse
and
then
you
see.
Okay,
okay,
we've
got
node
now
so
then
you
really
build
the
attributes
using
the
same
method.
And
now
you
can
actually
get
the
get
that
function.
C
D
C
You
not
have
a
cool
like
on
view
rendered.
D
C
D
C
D
C
C
C
B
C
C
C
D
B
That's
because
you
need
two
other
places
which
depends
on
the
the
belt
abuse
that
depends
on
the,
so
the
return
value
of
the
smart
contract
itself
needs
to
be
triggered
somewhere.
This
trigger
some
change
somewhere.
Then,
ideally,
an
a
component
is
able
to
update
itself
because
it
learned
that
a
local
attribute
has
updated,
because
a
new
call
to
a
view
function
has
been
done.