From 7b437ec8a4cdea2fb0bcda30f4866c8a8047fccf Mon Sep 17 00:00:00 2001
From: Shunkichi Sato <49983831+s8sato@users.noreply.github.com>
Date: Thu, 7 Nov 2024 04:07:25 +0900
Subject: [PATCH] fix: prevent a double grant to the registrant who is also a signatory

Signed-off-by: Shunkichi Sato <49983831+s8sato@users.noreply.github.com>
---
 .../src/default/custom/multisig/account.rs | 11 +++++------
 .../src/default/custom/multisig/transaction.rs | 16 ++++++++++------
 2 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/crates/iroha_executor/src/default/custom/multisig/account.rs b/crates/iroha_executor/src/default/custom/multisig/account.rs
index ebaeae953c..ef1c9db911 100644
--- a/crates/iroha_executor/src/default/custom/multisig/account.rs
+++ b/crates/iroha_executor/src/default/custom/multisig/account.rs
@@ -34,7 +34,6 @@ impl VisitExecute for MultisigRegister {
 fn execute(self, executor: &mut V) -> Result<(), ValidationFail> {
 let host = executor.host();
- let registrant = executor.context().authority.clone();
 let multisig_account = self.account;
 let multisig_role = multisig_role_for(&multisig_account);
@@ -63,8 +62,8 @@ impl VisitExecute for MultisigRegister {
 .dbg_unwrap();
 host.submit(&Register::role(
- // Temporarily grant a multisig role to the registrant to delegate the role to the signatories
- Role::new(multisig_role.clone(), registrant.clone()),
+ // No use, but temporarily grant a multisig role to the multisig account due to specifications
+ Role::new(multisig_role.clone(), multisig_account.clone()),
 ))
 .dbg_expect("registrant should successfully register a multisig role");
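Review bot: The multisig role handed to the multisig account by `Role::new(multisig_role.clone(), multisig_account.clone())` is never taken back, because the matching revoke in the third hunk of account.rs (`// host.submit(&Revoke::account_role(multisig_role, multisig_account))`) stays commented out under a FIXME. In transaction.rs, holding this role is what passes the "not qualified to approve multisig" check, so the multisig account appears to remain a qualified approver of its own proposals; whether that account can ever act as an authority is not visible in this patch. The new comment says "temporarily", which does not match the code, so I would reword it to `// Role::new takes an initial grantee; the multisig account keeps this role until the revoke below works` and tie the FIXME to a tracking issue. The body of `execute` starts before and ends after this hunk.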
@@ -75,10 +74,10 @@ impl VisitExecute for MultisigRegister {
 );
 }
- // FIXME No roles to revoke found, which should have been granted to the registrant
- // host.submit(&Revoke::account_role(multisig_role, registrant))
+ // FIXME No roles to revoke found, which should have been granted to the multisig account
+ // host.submit(&Revoke::account_role(multisig_role, multisig_account))
 // .dbg_expect(
- // "registrant should successfully revoke the multisig role from the registrant",
+ // "registrant should successfully revoke the multisig role from the multisig account",
 // );
 Ok(())
diff --git a/crates/iroha_executor/src/default/custom/multisig/transaction.rs b/crates/iroha_executor/src/default/custom/multisig/transaction.rs
index b69461c8e2..caf2f63986 100644
--- a/crates/iroha_executor/src/default/custom/multisig/transaction.rs
+++ b/crates/iroha_executor/src/default/custom/multisig/transaction.rs
@@ -115,18 +115,22 @@ impl VisitExecute for MultisigApprove {
 let multisig_role = multisig_role_for(&target_account);
 let instructions_hash = self.instructions_hash;
- let Ok(_role_found) = host
+ if host
 .query(FindRolesByAccountId::new(approver))
 .filter_with(|role_id| role_id.eq(multisig_role))
 .execute_single()
- else {
+ .is_err()
+ {
 deny!(executor, "not qualified to approve multisig");
 };
- let Ok(_proposal_found) = host.query_single(FindAccountMetadata::new(
- target_account.clone(),
- approvals_key(&instructions_hash),
- )) else {
+ if host
+ .query_single(FindAccountMetadata::new(
+ target_account.clone(),
+ approvals_key(&instructions_hash),
+ ))
+ .is_err()
+ {
 deny!(executor, "no proposals to approve")
 };
 }
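Review bot: Both rewritten guards in the MultisigApprove hunk turn every query failure into a denial through `.is_err()`, so a host-side query error cannot be told apart from an approver who lacks the role or a proposal that does not exist. Failing closed is the right default for an authorization check, but the intent deserves a comment such as `// Fail closed: any query error counts as not holding the multisig role`, and keeping the discarded error would help when triaging denied approvals. The `};` after each `if` block is a leftover from the `let ... else` form and can become `}`. The enclosing method starts before this hunk.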