mleku/wasmd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #900 from CosmWasm/migration_fix

Browse Source 
Prevent migration to a restricted code
This commit is contained in:
Ethan Frey
2022-08-15 16:53:06 +02:00
committed by GitHub
parent 288609255a ffd8a3c871
commit f14c46988a
3 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
x/wasm/keeper/contract_keeper.go
View File

@@ -75,7 +75,7 @@ func (p PermissionedKeeper) UnpinCode(ctx sdk.Context, codeID uint64) error {
return p.nested.unpinCode(ctx, codeID) return p.nested.unpinCode(ctx, codeID)
} }
// SetExtraContractAttributes updates the extra attributes that can be stored with the contract info // SetContractInfoExtension updates the extra attributes that can be stored with the contract info
func (p PermissionedKeeper) SetContractInfoExtension(ctx sdk.Context, contract sdk.AccAddress, extra types.ContractInfoExtension) error { func (p PermissionedKeeper) SetContractInfoExtension(ctx sdk.Context, contract sdk.AccAddress, extra types.ContractInfoExtension) error {
return p.nested.setContractInfoExtension(ctx, contract, extra) return p.nested.setContractInfoExtension(ctx, contract, extra)
} }

4
x/wasm/keeper/keeper.go
View File

@@ -395,6 +395,10 @@ func (k Keeper) migrate(ctx sdk.Context, contractAddress sdk.AccAddress, caller
return nil, sdkerrors.Wrap(sdkerrors.ErrInvalidRequest, "unknown code") return nil, sdkerrors.Wrap(sdkerrors.ErrInvalidRequest, "unknown code")
} }
if !authZ.CanInstantiateContract(newCodeInfo.InstantiateConfig, caller) {
return nil, sdkerrors.Wrap(sdkerrors.ErrUnauthorized, "to use new code")
}
// check for IBC flag // check for IBC flag
switch report, err := k.wasmVM.AnalyzeCode(newCodeInfo.CodeHash); { switch report, err := k.wasmVM.AnalyzeCode(newCodeInfo.CodeHash); {
case err != nil: case err != nil:

13
x/wasm/keeper/keeper_test.go
View File

@@ -875,6 +875,10 @@ func TestMigrate(t *testing.T) {
ibcCodeID := StoreIBCReflectContract(t, ctx, keepers).CodeID ibcCodeID := StoreIBCReflectContract(t, ctx, keepers).CodeID
require.NotEqual(t, originalCodeID, newCodeID) require.NotEqual(t, originalCodeID, newCodeID)
restrictedCodeID := StoreHackatomExampleContract(t, ctx, keepers).CodeID
keeper.SetAccessConfig(ctx, restrictedCodeID, types.AllowNobody)
require.NotEqual(t, originalCodeID, restrictedCodeID)
anyAddr := RandomAccountAddress(t) anyAddr := RandomAccountAddress(t)
newVerifierAddr := RandomAccountAddress(t) newVerifierAddr := RandomAccountAddress(t)
initMsgBz := HackatomExampleInitMsg{ initMsgBz := HackatomExampleInitMsg{
@@ -952,6 +956,15 @@ func TestMigrate(t *testing.T) {
toCodeID: originalCodeID, toCodeID: originalCodeID,
expErr: sdkerrors.ErrUnauthorized, expErr: sdkerrors.ErrUnauthorized,
}, },
"prevent migration when new code is restricted": {
admin: creator,
caller: creator,
initMsg: initMsgBz,
fromCodeID: originalCodeID,
toCodeID: restrictedCodeID,
migrateMsg: migMsgBz,
expErr: sdkerrors.ErrUnauthorized,
},
"fail with non existing code id": { "fail with non existing code id": {
admin: creator, admin: creator,
caller: creator, caller: creator,