-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(x/asset): Add clawback and transfer auth priviledges #176
base: example-priv
Are you sure you want to change the base?
Conversation
@facs95 can you take a look at this please |
x/asset/keeper/restriction.go
Outdated
return newToAddr, nil | ||
} | ||
|
||
checker := k.RestrictionChecker[0] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is a comment in x/asset/keeper/keeper.go
that we should not support more than 1 RestrictionChecker
. However, the code seems to allow more than one anyway (both x/asset/keeper/keeper.go
and x/asset/keeper/restriction.go
have the conditional check len(k.RestrictionChecker) == 0
instead of something like len(k.RestrictionChecker) != 1
for instance.
This line checker := k.RestrictionChecker[0]
will ignore any RestrictionChecker
after the first one registered. If multiple exist, how can we be sure the first is the correct one to use? It seems the code should either enforce only one RestrictionChecker
, or this code block should iterate all RestrictionCheckers
in this list.
for k := range m.Addrs { | ||
v := m.Addrs[k] | ||
baseI := i | ||
i-- | ||
if v { | ||
dAtA[i] = 1 | ||
} else { | ||
dAtA[i] = 0 | ||
} | ||
i-- | ||
dAtA[i] = 0x10 | ||
i -= len(k) | ||
copy(dAtA[i:], k) | ||
i = encodeVarintPriv(dAtA, i, uint64(len(k))) | ||
i-- | ||
dAtA[i] = 0xa | ||
i = encodeVarintPriv(dAtA, i, uint64(baseI-i)) | ||
i-- | ||
dAtA[i] = 0xa | ||
} |
Check warning
Code scanning / CodeQL
Iteration over map Warning
for k, v := range m.Addrs { | ||
_ = k | ||
_ = v | ||
mapEntrySize := 1 + len(k) + sovPriv(uint64(len(k))) + 1 + 1 | ||
n += mapEntrySize + 1 + sovPriv(uint64(mapEntrySize)) | ||
} |
Check warning
Code scanning / CodeQL
Iteration over map Warning
for k := range m.Addrs { | ||
v := m.Addrs[k] | ||
baseI := i | ||
i-- | ||
if v { | ||
dAtA[i] = 1 | ||
} else { | ||
dAtA[i] = 0 | ||
} | ||
i-- | ||
dAtA[i] = 0x10 | ||
i -= len(k) | ||
copy(dAtA[i:], k) | ||
i = encodeVarintRestriction(dAtA, i, uint64(len(k))) | ||
i-- | ||
dAtA[i] = 0xa | ||
i = encodeVarintRestriction(dAtA, i, uint64(baseI-i)) | ||
i-- | ||
dAtA[i] = 0xa | ||
} |
Check warning
Code scanning / CodeQL
Iteration over map Warning
for k, v := range m.Addrs { | ||
_ = k | ||
_ = v | ||
mapEntrySize := 1 + len(k) + sovRestriction(uint64(len(k))) + 1 + 1 | ||
n += mapEntrySize + 1 + sovRestriction(uint64(mapEntrySize)) | ||
} |
Check warning
Code scanning / CodeQL
Iteration over map Warning
for priv, restrictionChecker := range k.RestrictionChecker { | ||
if slices.Contains(enabledPrivileges, priv) { | ||
isAllow, err := restrictionChecker.IsAllow(ctx, tokenID, fromAddr.String()) | ||
if err != nil { | ||
return newToAddr, err | ||
} | ||
if isAllow { | ||
continue | ||
} else { //nolint:revive // superfluous else, could fix, but not worth it? | ||
err = errorsmod.Wrapf(types.ErrNotAuthorized, "%s is not authorized to transact with %s", fromAddr, coin.Denom) | ||
return newToAddr, err | ||
} | ||
} | ||
} |
Check warning
Code scanning / CodeQL
Iteration over map Warning
No description provided.