From df592e9c715209656aeaceaa3cd76f14f207e925 Mon Sep 17 00:00:00 2001 From: Jordy Romuald <87231934+JordyRo1@users.noreply.github.com> Date: Mon, 13 Nov 2023 15:34:22 +0100 Subject: [PATCH] audit: registration verification (#71) * audit: registration verification * fix: fmt * feat: break loop if condition --- .../publisher_registry.cairo | 28 +++++++++++++++++-- src/tests/test_publisher_registry.cairo | 28 +++++++++++++++++++ 2 files changed, 54 insertions(+), 2 deletions(-) diff --git a/src/publisher_registry/publisher_registry.cairo b/src/publisher_registry/publisher_registry.cairo index c55dbc3e..8fa1d67d 100644 --- a/src/publisher_registry/publisher_registry.cairo +++ b/src/publisher_registry/publisher_registry.cairo @@ -106,7 +106,7 @@ mod PublisherRegistry { let existing_publisher_address = PublisherRegistryImpl::get_publisher_address( @self, publisher ); - + assert(!is_address_registered(@self, publisher_address), 'Address already registered'); assert(existing_publisher_address.is_zero(), 'Name already registered'); assert(!publisher_address.is_zero(), 'Cannot set address to zero'); let publishers_len = self.publishers_storage_len.read(); @@ -132,7 +132,9 @@ mod PublisherRegistry { @self, publisher ); let caller = get_caller_address(); - + assert( + !is_address_registered(@self, new_publisher_address), 'Address already registered' + ); assert(!existing_publisher_address.is_zero(), 'Name not registered'); assert(caller == existing_publisher_address, 'Caller is not the publisher'); @@ -441,5 +443,27 @@ mod PublisherRegistry { // gas::withdraw_gas_all(get_builtin_costs()).expect('Out of gas'); _iter_publisher_sources(self, cur_idx + 1_usize, max_idx, publisher, ref sources_arr) } + + // @notice check if a given contract address is already associated to a publisher + // @param address: address to check + // @returns a boolean + fn is_address_registered(self: @ContractState, address: ContractAddress) -> bool { + let mut cur_idx = 0; + let arr_len = self.publishers_storage_len.read(); + let mut boolean = false; + loop { + if (cur_idx == arr_len) { + break (); + } + let publisher = self.publishers_storage.read(cur_idx); + let publisher_address = self.publisher_address_storage.read(publisher); + if (publisher_address == address) { + boolean = true; + break (); + } + cur_idx += 1; + }; + boolean + } } diff --git a/src/tests/test_publisher_registry.cairo b/src/tests/test_publisher_registry.cairo index 8620ab79..b063bb44 100644 --- a/src/tests/test_publisher_registry.cairo +++ b/src/tests/test_publisher_registry.cairo @@ -305,3 +305,31 @@ fn test_transfer_ownership() { let admin_address = publisher_registry.get_admin_address(); assert(admin_address == test_address, 'wrong admin address'); } + + +#[test] +#[should_panic(expected: ('Address already registered', 'ENTRYPOINT_FAILED'))] +#[available_gas(20000000000)] +fn test_add_pubisher_should_fail_if_already_registered() { + let admin = contract_address_const::<0x12345>(); + set_contract_address(admin); + let publisher_registry = deploy_publisher_registry(); + let publisher_address = contract_address_const::<0x54321>(); + publisher_registry.add_publisher(1, publisher_address); + publisher_registry.add_publisher(2, publisher_address); +} + + +#[test] +#[should_panic(expected: ('Address already registered', 'ENTRYPOINT_FAILED'))] +#[available_gas(20000000000)] +fn test_update_pubisher_should_fail_if_already_registered() { + let admin = contract_address_const::<0x12345>(); + set_contract_address(admin); + let publisher_registry = deploy_publisher_registry(); + let publisher_address = contract_address_const::<0x54321>(); + publisher_registry.add_publisher(1, publisher_address); + let new_publisher_address = contract_address_const::<0x54322>(); + publisher_registry.add_publisher(2, new_publisher_address); + publisher_registry.update_publisher_address(2, publisher_address); +}