Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problem: anyone can call the cancellation function #769

Merged
merged 2 commits into from
Nov 15, 2022
Merged

Problem: anyone can call the cancellation function #769

merged 2 commits into from
Nov 15, 2022

Conversation

thomas-nguy
Copy link
Collaborator

👮🏻👮🏻👮🏻 !!!! REFERENCE THE PROBLEM YOUR ARE SOLVING IN THE PR TITLE AND DESCRIBE YOUR SOLUTION HERE !!!! DO NOT FORGET !!!! 👮🏻👮🏻👮🏻

Solution: check that only the event emitted from contract address can cancel the token it manages

PR Checklist:

  • Have you read the CONTRIBUTING.md?
  • Does your PR follow the C4 patch requirements?
  • Have you rebased your work on top of the latest master?
  • Have you checked your code compiles? (make)
  • Have you included tests for any non-trivial functionality?
  • Have you checked your code passes the unit tests? (make test)
  • Have you checked your code formatting is correct? (go fmt)
  • Have you checked your basic code style is fine? (golangci-lint run)
  • If you added any dependencies, have you checked they do not contain any known vulnerabilities? (go list -json -m all | nancy sleuth)
  • If your changes affect the client infrastructure, have you run the integration test?
  • If your changes affect public APIs, does your PR follow the C4 evolution of public contracts?
  • If your code changes public APIs, have you incremented the crate version numbers and documented your changes in the CHANGELOG.md?
  • If you are contributing for the first time, please read the agreement in CONTRIBUTING.md now and add a comment to this pull request stating that your PR is in accordance with the Developer's Certificate of Origin.

Thank you for your code, it's appreciated! :)

@thomas-nguy thomas-nguy requested a review from a team as a code owner November 14, 2022 03:25
@thomas-nguy thomas-nguy requested review from yihuang and adu-crypto and removed request for a team November 14, 2022 03:25
@thomas-nguy thomas-nguy changed the title Problem: anyone can call the cancellation function for the bridge Problem: anyone can call the cancellation function Nov 14, 2022
adu-crypto
adu-crypto approved these changes Nov 15, 2022
View reviewed changes
Copy link
Contributor

@adu-crypto adu-crypto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
I check the other handlers and do not find the similar cases.

yihuang
yihuang approved these changes Nov 15, 2022
View reviewed changes
Copy link
Collaborator

@yihuang yihuang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, can you add a changelog entry?

@thomas-nguy thomas-nguy enabled auto-merge (squash) November 15, 2022 05:15
@thomas-nguy thomas-nguy disabled auto-merge November 15, 2022 05:16
@thomas-nguy thomas-nguy force-pushed the thomas/fix-cancellation branch from 5406e35 to 85ed30a Compare November 15, 2022 05:16
@thomas-nguy thomas-nguy force-pushed the thomas/fix-cancellation branch from 85ed30a to 9deb8b7 Compare November 15, 2022 05:17
@thomas-nguy thomas-nguy enabled auto-merge (squash) November 15, 2022 05:17
@thomas-nguy thomas-nguy merged commit c74b30e into crypto-org-chain:main Nov 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adu-crypto adu-crypto adu-crypto approved these changes

@yihuang yihuang yihuang approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@thomas-nguy @yihuang @adu-crypto