Prevent deployer from stealth minting

- Setting the `access` permissions for the token contract to `proof` - Adding a test
MinaFoundation · Jul 22, 2024 · da2cff5 · da2cff5
1 parent 13f1ceb
commit da2cff5
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 0 deletions.
diff --git a/FungibleToken.test.ts b/FungibleToken.test.ts
@@ -72,6 +72,7 @@ describe("token integration", async () => {
           symbol: "tokA",
           src: "https://github.com/MinaFoundation/mina-fungible-token/blob/main/FungibleToken.ts",
         })
+        tokenAContract.init()
         await tokenAContract.initialize(
           tokenAdmin,
           UInt8.from(9),
@@ -102,6 +103,7 @@ describe("token integration", async () => {
           symbol: "tokB",
           src: "https://github.com/MinaFoundation/mina-fungible-token/blob/main/FungibleToken.ts",
         })
+        tokenBContract.init()
         await tokenBContract.initialize(
           tokenBAdmin,
           UInt8.from(9),
@@ -594,6 +596,33 @@ describe("token integration", async () => {
         initialCirculating,
       )
     })
+
+    it("should prevent the deployer from minting without calling into the admin contract", async () => {
+      const attackTx = await Mina.transaction({
+        sender: sender,
+        fee: 1e8,
+      }, async () => {
+        // AccountUpdate.fundNewAccount(sender, 1)
+        let nopUpdate = AccountUpdate.default(tokenA, tokenAContract.tokenId)
+
+        let maliciousUpdate = AccountUpdate.default(sender, tokenAContract.deriveTokenId())
+        maliciousUpdate.balanceChange = new Int64(new UInt64(100n))
+        maliciousUpdate.body.mayUseToken = {
+          parentsOwnToken: new Bool(true),
+          inheritFromParent: new Bool(false),
+        }
+        AccountUpdate.attachToTransaction(nopUpdate)
+
+        nopUpdate.approve(maliciousUpdate)
+
+        nopUpdate.requireSignature()
+        maliciousUpdate.requireSignature()
+      })
+
+      await attackTx.prove()
+      attackTx.sign([sender.key, tokenA.key])
+      await rejects(() => attackTx.send())
+    })
   })
 
   describe("third party", () => {

diff --git a/FungibleToken.ts b/FungibleToken.ts
@@ -76,6 +76,7 @@ export class FungibleToken extends TokenContractV2 {
       ...Permissions.default(),
       setVerificationKey: Permissions.VerificationKey.impossibleDuringCurrentVersion(),
       setPermissions: Permissions.impossible(),
+      access: Permissions.proof(),
     })
   }
 
@@ -100,6 +101,7 @@ export class FungibleToken extends TokenContractV2 {
   ) {
     this.account.provedState.requireEquals(Bool(false))
     super.init()
+
     this.admin.set(admin)
     this.decimals.set(decimals)
     this.paused.set(Bool(false))