-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix MarkerTransferAuthorization validation. #1856
Conversation
…valid Coins and the addresses in the allow list are valid.
WalkthroughThe updates focus on enhancing the Changes
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (invoked as PR comments)
Additionally, you can add CodeRabbit Configration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Review Status
Actionable comments generated: 0
Configuration used: CodeRabbit UI
Files selected for processing (2)
- x/marker/types/authz.go (1 hunks)
- x/marker/types/authz_test.go (2 hunks)
Additional comments: 4
x/marker/types/authz.go (2)
- 63-67: The addition of
TransferLimit.Validate()
and the zero-value check enhances the robustness of theMarkerTransferAuthorization
validation by ensuring that theTransferLimit
is not only valid but also non-zero. This is a critical improvement for preventing potential issues related to invalid or zeroTransferLimit
values.- 71-78: The updated validation logic for the
AllowList
significantly improves the security and integrity of theMarkerTransferAuthorization
. By ensuring all addresses in theAllowList
are valid bech32 addresses and checking for duplicates, the changes mitigate the risk of including invalid or duplicate addresses. The use of detailed error messages for each scenario is a good practice, as it aids in debugging and issue resolution.x/marker/types/authz_test.go (2)
- 10-15: The addition of imports for
sdkmath
andassertions
is necessary for the updated test cases. Thesdkmath
import is used for creatingCoin
instances with specific amounts, andassertions
is utilized for asserting error messages in test cases. These additions support the new test scenarios introduced by the changes in validation logic.- 62-139: The updated and new test cases in
TestMarkerTransferAuthorizationValidateBasic
effectively cover a wide range of scenarios for bothTransferLimit
andAllowList
validations. This includes tests for nil and emptyTransferLimit
, invalid denominations, zero and negative coin amounts, unsortedTransferLimit
, and variousAllowList
scenarios such as invalid entries and duplicates. The use of detailed error messages in assertions is commendable, as it ensures that the validation logic behaves as expected in each scenario.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Review Status
Actionable comments generated: 1
Configuration used: CodeRabbit UI
Files selected for processing (1)
- CHANGELOG.md (1 hunks)
Additional comments: 2
CHANGELOG.md (2)
- 42-42: The link provided in the bug fix entry for
MarkerTransferAuthorization
validation correctly points to a GitHub pull request, which is expected in a changelog. This allows readers to explore the specific changes made in more detail.- 42-42: The categorization of the change related to
MarkerTransferAuthorization
validation under "Bug Fixes" is appropriate, as it addresses a specific issue that was corrected. This helps readers quickly identify the nature of the change.
1ba06df
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Review Status
Actionable comments generated: 0
Configuration used: CodeRabbit UI
Files selected for processing (1)
- CHANGELOG.md (1 hunks)
Files skipped from review as they are similar to previous changes (1)
- CHANGELOG.md
* Fix MarkerTransferAuthorization validation to make sure the limit is valid Coins and the addresses in the allow list are valid. * Add changelog entry.
* Fix MarkerTransferAuthorization validation to make sure the limit is valid Coins and the addresses in the allow list are valid. * Add changelog entry.
…fer authz validation). (#1876) * Allow force transfers from marker and market accounts. (#1855) * Allow force transfers out of marker and market accounts. * Add some test cases for marker and market accounts with canForceTransferFrom. * Add changelog entry. * Tweak TestCanForceTransferFrom a little based on coderabbit feedback. Namely, have the account creators take in a string to use for the addr instead of the full address that it's going to just turn around and return. * Lint fix (needed extra empty line in keeper/marker.go). * Fix MarkerTransferAuthorization validation. (#1856) * Fix MarkerTransferAuthorization validation to make sure the limit is valid Coins and the addresses in the allow list are valid. * Add changelog entry. * Fix one of the changelog lines.
Description
The
MarkerTransferAuthorization.ValidateBasic()
method now ensures that theTransferLimit
is validCoins
(and still can't be zero), and also ensures that theAllowList
entries are all valid bech32 addresses.The change to
TransferLimit
validation is the primary fix here. What was happening is that a person could create a grant with aMarkerTransferAuthorization
in it that had an unsortedTransferLimit
. Later, when that grant is used, theSafeSub
(inDecreaseTransferLimit
) panics because theTransferLimit
isn't sorted.The extra limitation on the
AllowList
is merely a nicety to help prevent people from accidentally having a worthless/incorrect entry in the list. Having a non-bech32 entry in there doesn't cause a panic or any other errors, but the value they're being checked against will always be a bech32 address string, so we might as well not allow these authorizations to have non-bech32 entries in it.Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.
docs/
) or specification (x/<module>/spec/
)godoc
comments.Unreleased
section inCHANGELOG.md
Files changed
in the Github PR explorerCodecov Report
in the comment section below once CI passesSummary by CodeRabbit
Summary by CodeRabbit
New Features
Bug Fixes
Tests