fix: Address permission delegation vulnerability (#5825)

This change introduces the `featurePermissionDelegationV1_1` amendment, which is designed to supersede both `featurePermissionDelegation` and `fixDelegateV1_1 amendments, which should be considered deprecated. The `checkPermission` function will now return `terNO_DELEGATE_PERMISSION` when a delegate transaction lacks the necessary permissions.
2026-04-29 15:37:57 +00:00 · 2025-10-31 15:01:06 -04:00
parent cbbb2b1be0
commit fa69918124
21 changed files with 295 additions and 291 deletions
--- a/src/test/app/Batch_test.cpp
+++ b/src/test/app/Batch_test.cpp
@@ -3946,14 +3946,13 @@ class Batch_test : public beast::unit_test::suite
                tesSUCCESS,
                batch::outer(gw, seq, batchFee, tfIndependent),
                batch::inner(jv1, seq + 1),
-                // tecNO_DELEGATE_PERMISSION: not authorized to clear freeze
+                // terNO_DELEGATE_PERMISSION: not authorized to clear freeze
                batch::inner(jv2, seq + 2));
            env.close();

            std::vector<TestLedgerData> testCases = {
                {0, "Batch", "tesSUCCESS", batchID, std::nullopt},
                {1, "TrustSet", "tesSUCCESS", txIDs[0], batchID},
-                {2, "TrustSet", "tecNO_DELEGATE_PERMISSION", txIDs[1], batchID},
            };
            validateClosedLedger(env, testCases);
        }