LaconicNetwork/cosmos-sdk
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

fix: fix allow list bypassed when whole spend limit used (#14615)

Browse Source
This commit is contained in:
Julien Robert 2023-01-14 01:30:46 +01:00 committed by GitHub
parent a2eb630906
commit 5213bbd653
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 26 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
x/bank/types/send_authorization.go
View File

@ -33,19 +33,14 @@ func (a SendAuthorization) Accept(ctx sdk.Context, msg sdk.Msg) (authz.AcceptRes
return authz.AcceptResponse{}, sdkerrors.ErrInvalidType.Wrap("type mismatch")
}
toAddr := mSend.ToAddress
limitLeft, isNegative := a.SpendLimit.SafeSub(mSend.Amount...)
if isNegative {
return authz.AcceptResponse{}, sdkerrors.ErrInsufficientFunds.Wrapf("requested amount is more than spend limit")
}
if limitLeft.IsZero() {
return authz.AcceptResponse{Accept: true, Delete: true}, nil
}
isAddrExists := false
toAddr := mSend.ToAddress
allowedList := a.GetAllowList()
for _, addr := range allowedList {
ctx.GasMeter().ConsumeGas(gasCostPerIteration, "send authorization")
if addr == toAddr {
@ -58,6 +53,10 @@ func (a SendAuthorization) Accept(ctx sdk.Context, msg sdk.Msg) (authz.AcceptRes
return authz.AcceptResponse{}, sdkerrors.ErrUnauthorized.Wrapf("cannot send to %s address", toAddr)
}
if limitLeft.IsZero() {
return authz.AcceptResponse{Accept: true, Delete: true}, nil
}
return authz.AcceptResponse{Accept: true, Delete: false, Updated: &SendAuthorization{SpendLimit: limitLeft, AllowList: allowedList}}, nil
}

21
x/bank/types/send_authorization_test.go
View File

@ -85,4 +85,25 @@ func TestSendAuthorization(t *testing.T) {
require.NotNil(t, resp.Updated)
// coins1000-coins500 = coins500
require.Equal(t, types.NewSendAuthorization(coins500, allowList).String(), resp.Updated.String())
t.Log("send everything to address not in allow list")
authzWithAllowList = types.NewSendAuthorization(coins1000, allowList)
require.Equal(t, authzWithAllowList.MsgTypeURL(), "/cosmos.bank.v1beta1.MsgSend")
require.NoError(t, authorization.ValidateBasic())
send = types.NewMsgSend(fromAddr, unknownAddr, coins1000)
require.NoError(t, authzWithAllowList.ValidateBasic())
resp, err = authzWithAllowList.Accept(ctx, send)
require.Error(t, err)
require.Contains(t, err.Error(), fmt.Sprintf("cannot send to %s address", unknownAddr))
t.Log("send everything to address in allow list")
authzWithAllowList = types.NewSendAuthorization(coins1000, allowList)
require.Equal(t, authzWithAllowList.MsgTypeURL(), "/cosmos.bank.v1beta1.MsgSend")
require.NoError(t, authorization.ValidateBasic())
send = types.NewMsgSend(fromAddr, allowList[0], coins1000)
require.NoError(t, authzWithAllowList.ValidateBasic())
resp, err = authzWithAllowList.Accept(ctx, send)
require.NoError(t, err)
require.True(t, resp.Accept)
require.Nil(t, resp.Updated)
}