reject unprotected && unwhitelisted action

action/sealedenvelope.go

@@ -242,3 +242,13 @@ func (sealed *SealedEnvelope) VerifySignature() error {
 	}
 	return nil
 }
+
+// Protected says whether the transaction is replay-protected.
+func (sealed *SealedEnvelope) Protected() bool {
+	switch sealed.encoding {
+	case iotextypes.Encoding_TX_CONTAINER:
+		return sealed.Envelope.(*txContainer).tx.Protected()
+	default:
+		return sealed.encoding != iotextypes.Encoding_ETHEREUM_UNPROTECTED
+	}
+}

api/coreservice.go

@@ -460,7 +460,7 @@ func (core *coreService) SendAction(ctx context.Context, in *iotextypes.Action)
 		g        = core.Genesis()
 		deployer = selp.SenderAddress()
 	)
-	if selp.Encoding() == uint32(iotextypes.Encoding_ETHEREUM_UNPROTECTED) && !g.IsDeployerWhitelisted(deployer) {
+	if !selp.Protected() && !g.IsDeployerWhitelisted(deployer) {
 		return "", status.Errorf(codes.InvalidArgument, "replay deployer %v not whitelisted", deployer.Hex())
 	}
 

state/factory/workingset.go

@@ -194,7 +194,7 @@ func (ws *workingSet) runAction(
 	}
 	// for replay tx, check against deployer whitelist
 	g := genesis.MustExtractGenesisContext(ctx)
-	if selp.Encoding() == uint32(iotextypes.Encoding_ETHEREUM_UNPROTECTED) && !g.IsDeployerWhitelisted(selp.SenderAddress()) {
+	if !selp.Protected() && !g.IsDeployerWhitelisted(selp.SenderAddress()) {
 		return nil, errors.Wrap(errDeployerNotWhitelisted, selp.SenderAddress().String())
 	}
 	// Handle action