ARCHIVE/rippled
1
0
Fork 0
mirror of https://github.com/XRPLF/rippled.git synced 2025-11-20 11:05:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Check auth for ConfidentialSend (#5968)

Browse Source
This commit is contained in:
yinyiqian1
2025-10-30 11:02:46 -04:00
committed by GitHub
parent f3d4d4341b
commit 3af758145c
2 changed files with 82 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
src/test/app/ConfidentialTransfer_test.cpp
View File

@@ -991,11 +991,14 @@ class ConfidentialTransfer_test : public beast::unit_test::suite
MPTTester mptAlice(env, alice, {.holders = {bob, carol, dave, eve}}); MPTTester mptAlice(env, alice, {.holders = {bob, carol, dave, eve}});
// authorize bob, carol, dave (not eve) // authorize bob, carol, dave (not eve)
mptAlice.create({.flags = tfMPTCanTransfer | tfMPTCanLock}); mptAlice.create(
{.flags = tfMPTCanTransfer | tfMPTCanLock | tfMPTRequireAuth});
mptAlice.authorize({.account = bob}); mptAlice.authorize({.account = bob});
mptAlice.authorize({.account = alice, .holder = bob});
mptAlice.authorize({.account = carol}); mptAlice.authorize({.account = carol});
mptAlice.authorize({.account = alice, .holder = carol});
mptAlice.authorize({.account = dave}); mptAlice.authorize({.account = dave});
env.close(); mptAlice.authorize({.account = alice, .holder = dave});
// fund bob, carol (not dave or eve) // fund bob, carol (not dave or eve)
mptAlice.pay(alice, bob, 100); mptAlice.pay(alice, bob, 100);
@@ -1023,6 +1026,14 @@ class ConfidentialTransfer_test : public beast::unit_test::suite
.holderPubKey = mptAlice.getPubKey(carol), .holderPubKey = mptAlice.getPubKey(carol),
.err = tesSUCCESS}); .err = tesSUCCESS});
// bob and carol merge inbox
mptAlice.mergeInbox({
.account = bob,
});
mptAlice.mergeInbox({
.account = carol,
});
// // sender does not exist // // sender does not exist
// { // {
// Json::Value jv; // Json::Value jv;
@@ -1086,6 +1097,7 @@ class ConfidentialTransfer_test : public beast::unit_test::suite
// issuance is locked globally // issuance is locked globally
{ {
// lock issuance
mptAlice.set({.account = alice, .flags = tfMPTLock}); mptAlice.set({.account = alice, .flags = tfMPTLock});
mptAlice.send( mptAlice.send(
{.account = bob, {.account = bob,
@@ -1093,12 +1105,16 @@ class ConfidentialTransfer_test : public beast::unit_test::suite
.amt = 10, .amt = 10,
.proof = "123", .proof = "123",
.err = tecLOCKED}); .err = tecLOCKED});
mptAlice.set( // unlock issuance
{.account = alice, .flags = tfMPTUnlock}); // unlock issuance mptAlice.set({.account = alice, .flags = tfMPTUnlock});
// now can send
mptAlice.send(
{.account = bob, .dest = carol, .amt = 1, .proof = "123"});
} }
// sender is locked // sender is locked
{ {
// lock bob
mptAlice.set({.account = alice, .holder = bob, .flags = tfMPTLock}); mptAlice.set({.account = alice, .holder = bob, .flags = tfMPTLock});
mptAlice.send( mptAlice.send(
{.account = bob, {.account = bob,
@@ -1106,14 +1122,17 @@ class ConfidentialTransfer_test : public beast::unit_test::suite
.amt = 10, .amt = 10,
.proof = "123", .proof = "123",
.err = tecLOCKED}); .err = tecLOCKED});
// unlock bob
mptAlice.set( mptAlice.set(
{.account = alice, {.account = alice, .holder = bob, .flags = tfMPTUnlock});
.holder = bob, // now can send
.flags = tfMPTUnlock}); // unlock bob mptAlice.send(
{.account = bob, .dest = carol, .amt = 2, .proof = "123"});
} }
// destination is locked // destination is locked
{ {
// lock carol
mptAlice.set( mptAlice.set(
{.account = alice, .holder = carol, .flags = tfMPTLock}); {.account = alice, .holder = carol, .flags = tfMPTLock});
mptAlice.send( mptAlice.send(
@@ -1122,10 +1141,54 @@ class ConfidentialTransfer_test : public beast::unit_test::suite
.amt = 10, .amt = 10,
.proof = "123", .proof = "123",
.err = tecLOCKED}); .err = tecLOCKED});
// unlock carol
mptAlice.set( mptAlice.set(
{.account = alice, {.account = alice, .holder = carol, .flags = tfMPTUnlock});
.holder = carol, // now can send
.flags = tfMPTUnlock}); // unlock carol mptAlice.send(
{.account = bob, .dest = carol, .amt = 3, .proof = "123"});
}
// sender not authorized
{
// unauthorize bob
mptAlice.authorize(
{.account = alice, .holder = bob, .flags = tfMPTUnauthorize});
mptAlice.send(
{.account = bob,
.dest = carol,
.amt = 10,
.proof = "123",
.err = tecNO_AUTH});
// authorize bob again
mptAlice.authorize({
.account = alice,
.holder = bob,
});
// now can send
mptAlice.send(
{.account = bob, .dest = carol, .amt = 4, .proof = "123"});
}
// destination not authorized
{
// unauthorize carol
mptAlice.authorize(
{.account = alice, .holder = carol, .flags = tfMPTUnauthorize});
mptAlice.send(
{.account = bob,
.dest = carol,
.amt = 10,
.proof = "123",
.err = tecNO_AUTH});
// authorize carol again
mptAlice.authorize({
.account = alice,
.holder = carol,
});
// now can send
mptAlice.send(
{.account = bob, .dest = carol, .amt = 5, .proof = "123"});
} }
} }

9
src/xrpld/app/tx/detail/ConfidentialSend.cpp
View File

@@ -131,6 +131,15 @@ ConfidentialSend::preclaim(PreclaimContext const& ctx)
ter != tesSUCCESS) ter != tesSUCCESS)
return ter; return ter;
// Check auth
if (auto const ter = requireAuth(ctx.view, mptIssue, account);
!isTesSuccess(ter))
return ter;
if (auto const ter = requireAuth(ctx.view, mptIssue, destination);
!isTesSuccess(ter))
return ter;
// todo: check zkproof. equality proof and range proof, combined or separate // todo: check zkproof. equality proof and range proof, combined or separate
// TBD. TER const terProof = verifyConfidentialSendProof( // TBD. TER const terProof = verifyConfidentialSendProof(
// ctx.tx[sfZKProof], // ctx.tx[sfZKProof],