ARCHIVE/rippled
1
0
Fork 0
mirror of https://github.com/XRPLF/rippled.git synced 2025-11-25 21:45:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

WIP: Make requireAuth recursive if the sender is a vault

Browse Source
This commit is contained in:
Ed Hennis
2025-07-31 10:49:48 -04:00
parent bfac68e308
commit 078afb51d9
2 changed files with 37 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/libxrpl/ledger/View.cpp
View File

@@ -3139,6 +3139,24 @@ requireAuth(
!isTesSuccess(err))
return err;
}
// requireAuth is also recursive if the _account_ is a vault
auto const sleAccount = view.read(keylet::account(account));
if (!sleAccount)
return tefINTERNAL; // LCOV_EXCL_LINE
if (sleAccount->isFieldPresent(sfVaultID))
{
auto const sleVault =
view.read(keylet::vault(sleAccount->getFieldH256(sfVaultID)));
if (!sleVault)
return tefINTERNAL; // LCOV_EXCL_LINE
auto const ownerAcct = sleVault->getAccountID(sfOwner);
if (auto const err =
requireAuth(view, mptIssue, ownerAcct, authType, depth + 1);
!isTesSuccess(err))
return err;
}
}
auto const mptokenID = keylet::mptoken(mptID.key, account);

19
src/test/app/Vault_test.cpp
View File

@@ -2351,6 +2351,18 @@ class Vault_test : public beast::unit_test::suite
.amount = asset(100)});
env(tx, ter(tecNO_AUTH));
// Withdrawal to other (authorized) accounts doesn't work.
// Issuer would have to VaultClawback
tx[sfDestination] = issuer.human();
env(tx, ter(tecNO_AUTH));
tx[sfDestination] = owner.human();
env(tx, ter(tecNO_AUTH));
env.close();
// Issuer reauthorizes
mptt.authorize({.account = issuer, .holder = depositor});
env.close();
// Withdrawal to other (authorized) accounts works
tx[sfDestination] = issuer.human();
env(tx);
@@ -2361,6 +2373,13 @@ class Vault_test : public beast::unit_test::suite
env.close();
}
// Re-unauthorize
mptt.authorize(
{.account = issuer,
.holder = depositor,
.flags = tfMPTUnauthorize});
env.close();
{
// Cannot deposit some more
auto tx = vault.deposit(