From 1434f87a8edc33e5f6429cf36c8acb5a948d6146 Mon Sep 17 00:00:00 2001 From: Raul Bernal Date: Fri, 12 Apr 2024 23:03:19 +0200 Subject: [PATCH 1/2] WhiteList control --- x/burn/keeper/msg_server_burn_coins_action.go | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/x/burn/keeper/msg_server_burn_coins_action.go b/x/burn/keeper/msg_server_burn_coins_action.go index 36e2b3df..dfb8c4a9 100644 --- a/x/burn/keeper/msg_server_burn_coins_action.go +++ b/x/burn/keeper/msg_server_burn_coins_action.go @@ -9,15 +9,31 @@ import ( sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" ) +// List of auth. addresses (whitelist) +var authorizedAddresses = map[string]bool{ + "bcna1tdpec339xrucmmr4x73teu3lc2phq45mv07z9n": true, // Vesting account + "bcna1465kg4xaa5sl3vlm02zwe6y7jqltyncvcsygxr": true, // Business Development + "bcna16pczhqlsglmjyyap3785cqnpq30q430jkgw4gk": true, // Marketing + "bcna1tqywev6xmvrnagfq57c0h5susdy3l789rumufz": true, // Test1 + "bcna1h2sz97wffluqtt07zmkky3cvuywv6dzq38zr9r": true, // Test2 + "bcna1zvxldjgetj5u9wah0t8fnz229533xzsmz8y5js": true, // Test3 +} + // Move coins from sender to Bank account module and then the module burns the coins. func (k msgServer) BurnCoinsAction(goCtx context.Context, msg *types.MsgBurnCoinsAction) (*types.MsgBurnCoinsActionResponse, error) { ctx := sdk.UnwrapSDKContext(goCtx) + // Validate the address creatorAddr, err := sdk.AccAddressFromBech32(msg.Creator) if err != nil { return nil, sdkerrors.ErrInvalidAddress.Wrapf("invalid creator address: %s", err) } + // Check if the address of the creator is whitelisted + if _, ok := authorizedAddresses[msg.Creator]; !ok { + return nil, sdkerrors.ErrUnauthorized.Wrap("address not authorized to burn coins") + } + // Validate the coins coins := sdk.NewCoins(msg.Amount) if !coins.IsValid() { From e7409269114365442a53a716de6f5978fe5c0952 Mon Sep 17 00:00:00 2001 From: Raul Bernal Date: Mon, 15 Apr 2024 12:19:38 +0200 Subject: [PATCH 2/2] Change order of checks --- x/burn/keeper/msg_server_burn_coins_action.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/x/burn/keeper/msg_server_burn_coins_action.go b/x/burn/keeper/msg_server_burn_coins_action.go index dfb8c4a9..14871463 100644 --- a/x/burn/keeper/msg_server_burn_coins_action.go +++ b/x/burn/keeper/msg_server_burn_coins_action.go @@ -14,7 +14,7 @@ var authorizedAddresses = map[string]bool{ "bcna1tdpec339xrucmmr4x73teu3lc2phq45mv07z9n": true, // Vesting account "bcna1465kg4xaa5sl3vlm02zwe6y7jqltyncvcsygxr": true, // Business Development "bcna16pczhqlsglmjyyap3785cqnpq30q430jkgw4gk": true, // Marketing - "bcna1tqywev6xmvrnagfq57c0h5susdy3l789rumufz": true, // Test1 + "bcna1rp6fpd8lry8kgmxaermw8eqlkgr4q9lv3u0eae": true, // Test1 "bcna1h2sz97wffluqtt07zmkky3cvuywv6dzq38zr9r": true, // Test2 "bcna1zvxldjgetj5u9wah0t8fnz229533xzsmz8y5js": true, // Test3 } @@ -29,11 +29,6 @@ func (k msgServer) BurnCoinsAction(goCtx context.Context, msg *types.MsgBurnCoin return nil, sdkerrors.ErrInvalidAddress.Wrapf("invalid creator address: %s", err) } - // Check if the address of the creator is whitelisted - if _, ok := authorizedAddresses[msg.Creator]; !ok { - return nil, sdkerrors.ErrUnauthorized.Wrap("address not authorized to burn coins") - } - // Validate the coins coins := sdk.NewCoins(msg.Amount) if !coins.IsValid() { @@ -50,6 +45,11 @@ func (k msgServer) BurnCoinsAction(goCtx context.Context, msg *types.MsgBurnCoin return nil, errorsmod.Wrap(sdkerrors.ErrInvalidCoins, coins.String()) } + // Check if the address of the creator is whitelisted + if _, ok := authorizedAddresses[msg.Creator]; !ok { + return nil, sdkerrors.ErrUnauthorized.Wrap("address not authorized to burn coins") + } + // Gets the balance of the sender to check if are there enough coins. balance := k.bankKeeper.GetBalance(ctx, creatorAddr, msg.Amount.Denom) if balance.Amount.LT(msg.Amount.Amount) {