[denylist] Fix sign check early return (#18951)

## Description 

Describe the changes or additions included in this PR.

## Test plan 

Will add test in a separate PR.
---

## Release notes

Check each box that your changes affect. If none of the boxes relate to
your changes, release notes aren't required.

For each box you select, include information after the relevant heading
that describes the impact of your changes that a user might notice and
any actions they must take to implement updates.

- [ ] Protocol: 
- [ ] Nodes (Validators and Full nodes): 
- [ ] Indexer: 
- [ ] JSON-RPC: 
- [ ] GraphQL: 
- [ ] CLI: 
- [ ] Rust SDK:
- [ ] REST API:

crates/sui-adapter-transactional-tests/tests/deny_list_v2/coin_deny_multiple_coin_types.exp

@@ -0,0 +1,53 @@
+processed 6 tasks
+
+init:
+A: object(0,0)
+
+task 1, lines 11-60:
+//# publish --sender A
+created: object(1,0), object(1,1), object(1,2), object(1,3), object(1,4), object(1,5), object(1,6), object(1,7), object(1,8), object(1,9), object(1,10)
+mutated: object(0,0)
+unchanged_shared: 0x0000000000000000000000000000000000000000000000000000000000000403
+gas summary: computation_cost: 1000000, storage_cost: 34260800, storage_rebate: 0, non_refundable_storage_fee: 0
+
+task 2, lines 61-63:
+//# view-object 1,1
+Owner: Account Address ( A )
+Version: 2
+Contents: sui::coin::Coin<test::regulated_coin1::REGULATED_COIN1> {
+ id: sui::object::UID {
+ id: sui::object::ID {
+ bytes: fake(1,1),
+ },
+ },
+ balance: sui::balance::Balance<test::regulated_coin1::REGULATED_COIN1> {
+ value: 10000u64,
+ },
+}
+
+task 3, lines 64-66:
+//# view-object 1,2
+Owner: Account Address ( A )
+Version: 2
+Contents: sui::coin::Coin<test::regulated_coin2::REGULATED_COIN2> {
+ id: sui::object::UID {
+ id: sui::object::ID {
+ bytes: fake(1,2),
+ },
+ },
+ balance: sui::balance::Balance<test::regulated_coin2::REGULATED_COIN2> {
+ value: 10000u64,
+ },
+}
+
+task 4, line 67:
+//# run sui::coin::deny_list_v2_add --args object(0x403) object(1,6) @A --type-args test::regulated_coin2::REGULATED_COIN2 --sender A
+events: Event { package_id: sui, transaction_module: Identifier("coin"), sender: A, type_: StructTag { address: sui, module: Identifier("deny_list"), name: Identifier("PerTypeConfigCreated"), type_params: [] }, contents: [0, 0, 0, 0, 0, 0, 0, 0, 98, 101, 100, 100, 50, 98, 100, 54, 51, 99, 50, 51, 102, 99, 52, 54, 52, 55, 102, 51, 101, 99, 101, 57, 48, 55, 57, 57, 49, 51, 102, 53, 99, 49, 98, 52, 98, 55, 97, 101, 101, 52, 56, 51, 50, 51, 55, 50, 97, 102, 52, 48, 99, 100, 48, 51, 49, 57, 50, 101, 97, 48, 52, 51, 97, 58, 58, 114, 101, 103, 117, 108, 97, 116, 101, 100, 95, 99, 111, 105, 110, 50, 58, 58, 82, 69, 71, 85, 76, 65, 84, 69, 68, 95, 67, 79, 73, 78, 50, 157, 35, 217, 228, 182, 26, 20, 142, 175, 244, 33, 216, 213, 187, 161, 23, 168, 25, 82, 72, 79, 110, 47, 210, 76, 90, 37, 190, 166, 158, 5, 16] }
+created: object(4,0), object(4,1), object(4,2)
+mutated: 0x0000000000000000000000000000000000000000000000000000000000000403, object(0,0), object(1,6)
+gas summary: computation_cost: 1000000, storage_cost: 12220800, storage_rebate: 2761308, non_refundable_storage_fee: 27892
+
+task 5, lines 69-70:
+//# programmable --sender A --inputs object(1,1) object(1,2) @A
+//> TransferObjects([Input(0), Input(1)], Input(2))
+Error: Error checking transaction input objects: AddressDeniedForCoin { address: @A, coin_type: "object(1,0)::regulated_coin2::REGULATED_COIN2" }

crates/sui-adapter-transactional-tests/tests/deny_list_v2/coin_deny_multiple_coin_types.move

@@ -0,0 +1,70 @@
+// Copyright (c) Mysten Labs, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
+// This test verifies when sending two objects of different coin types in the same transaction,
+// if one is denied but not the other, the transaction check should still fail.
+// More importantly, if the second type is denied but not the first, the fact that
+// the first type doesn't even have a denylist entry should not matter.
+
+//# init --accounts A --addresses test=0x0
+
+//# publish --sender A
+module test::regulated_coin1 {
+ use sui::coin;
+
+ public struct REGULATED_COIN1 has drop {}
+
+ fun init(otw: REGULATED_COIN1, ctx: &mut TxContext) {
+ let (mut treasury_cap, deny_cap, metadata) = coin::create_regulated_currency_v2(
+ otw,
+ 9,
+ b"RC",
+ b"REGULATED_COIN",
+ b"A new regulated coin",
+ option::none(),
+ false,
+ ctx
+ );
+ let coin = coin::mint(&mut treasury_cap, 10000, ctx);
+ transfer::public_transfer(coin, tx_context::sender(ctx));
+ transfer::public_transfer(deny_cap, tx_context::sender(ctx));
+ transfer::public_freeze_object(treasury_cap);
+ transfer::public_freeze_object(metadata);
+ }
+}
+
+module test::regulated_coin2 {
+ use sui::coin;
+
+ public struct REGULATED_COIN2 has drop {}
+
+ fun init(otw: REGULATED_COIN2, ctx: &mut TxContext) {
+ let (mut treasury_cap, deny_cap, metadata) = coin::create_regulated_currency_v2(
+ otw,
+ 9,
+ b"RC",
+ b"REGULATED_COIN",
+ b"A new regulated coin",
+ option::none(),
+ false,
+ ctx
+ );
+ let coin = coin::mint(&mut treasury_cap, 10000, ctx);
+ transfer::public_transfer(coin, tx_context::sender(ctx));
+ transfer::public_transfer(deny_cap, tx_context::sender(ctx));
+ transfer::public_freeze_object(treasury_cap);
+ transfer::public_freeze_object(metadata);
+ }
+}
+
+// Coin1
+//# view-object 1,1
+
+// Coin2
+//# view-object 1,2
+
+// Deny account A for coin2.
+//# run sui::coin::deny_list_v2_add --args object(0x403) object(1,6) @A --type-args test::regulated_coin2::REGULATED_COIN2 --sender A
+
+//# programmable --sender A --inputs object(1,1) object(1,2) @A
+//> TransferObjects([Input(0), Input(1)], Input(2))

crates/sui-types/src/deny_list_v2.rs

@@ -109,7 +109,7 @@ pub fn check_coin_deny_list_v2_during_signing(
  let coin_types = input_object_coin_types_for_denylist_check(input_objects, receiving_objects);
  for coin_type in coin_types {
  let Some(deny_list) = get_per_type_coin_deny_list_v2(&coin_type, object_store) else {
- return Ok(());
+ continue;
  };
  if check_global_pause(&deny_list, object_store, None) {
  return Err(UserInputError::CoinTypeGlobalPause { coin_type });