diff --git a/contracts/red-bank/src/contract.rs b/contracts/red-bank/src/contract.rs index e467c5c76..cbbb0687b 100644 --- a/contracts/red-bank/src/contract.rs +++ b/contracts/red-bank/src/contract.rs @@ -51,12 +51,18 @@ pub fn execute( denom, amount, recipient, - } => execute::withdraw(deps, env, info, denom, amount, recipient), + } => { + cw_utils::nonpayable(&info)?; + execute::withdraw(deps, env, info, denom, amount, recipient) + } ExecuteMsg::Borrow { denom, amount, recipient, - } => execute::borrow(deps, env, info, denom, amount, recipient), + } => { + cw_utils::nonpayable(&info)?; + execute::borrow(deps, env, info, denom, amount, recipient) + } ExecuteMsg::Repay { on_behalf_of, } => { @@ -84,7 +90,10 @@ pub fn execute( ExecuteMsg::UpdateAssetCollateralStatus { denom, enable, - } => execute::update_asset_collateral_status(deps, env, info, denom, enable), + } => { + cw_utils::nonpayable(&info)?; + execute::update_asset_collateral_status(deps, env, info, denom, enable) + } } } diff --git a/contracts/red-bank/tests/test_borrow.rs b/contracts/red-bank/tests/test_borrow.rs index cb83f7bc8..bef237ba9 100644 --- a/contracts/red-bank/tests/test_borrow.rs +++ b/contracts/red-bank/tests/test_borrow.rs @@ -945,7 +945,7 @@ fn cannot_borrow_if_market_not_enabled() { // Check error when borrowing not allowed on market let env = mock_env(MockEnvParams::default()); - let info = cosmwasm_std::testing::mock_info("borrower", &[coin(110000, "somecoin")]); + let info = cosmwasm_std::testing::mock_info("borrower", &[]); let msg = ExecuteMsg::Borrow { denom: "somecoin".to_string(), amount: Uint128::new(1000), diff --git a/contracts/red-bank/tests/test_payment.rs b/contracts/red-bank/tests/test_payment.rs new file mode 100644 index 000000000..588997c7a --- /dev/null +++ b/contracts/red-bank/tests/test_payment.rs @@ -0,0 +1,62 @@ +mod helpers; + +use cosmwasm_std::{ + coins, + testing::{mock_env, mock_info}, + Uint128, +}; +use cw_utils::PaymentError; +use helpers::th_setup; +use mars_red_bank::contract; +use mars_red_bank_types::red_bank::ExecuteMsg; + +/// The Red Bank contract has 6 user-facing functions: deposit, withdraw, borrow, +/// repay, liquidate, and update_asset_collateral_status; amount these, 3 do not +/// expect the user to send any payment. This test verifies that they properly +/// reject if a user sends an expected payment. +/// +/// This is in response to this mainnet tx, where a user sends a payment with a +/// `withdraw` msg: +/// https://www.mintscan.io/osmosis/txs/2F214EE3A22DC93E61DE9A49BE616B317EB28AFC5E43B0AF07800AC7E6435522 +#[test] +fn rejecting_unexpected_payments() { + let mut deps = th_setup(&[]); + + let err = contract::execute( + deps.as_mut(), + mock_env(), + mock_info("larry", &coins(123, "uosmo")), + ExecuteMsg::Withdraw { + denom: "".into(), + amount: None, + recipient: None, + }, + ) + .unwrap_err(); + assert_eq!(err, PaymentError::NonPayable {}.into()); + + let err = contract::execute( + deps.as_mut(), + mock_env(), + mock_info("larry", &coins(234, "umars")), + ExecuteMsg::Borrow { + denom: "".into(), + amount: Uint128::zero(), + recipient: None, + }, + ) + .unwrap_err(); + assert_eq!(err, PaymentError::NonPayable {}.into()); + + let err = contract::execute( + deps.as_mut(), + mock_env(), + mock_info("larry", &coins(345, "uluna")), + ExecuteMsg::UpdateAssetCollateralStatus { + denom: "".into(), + enable: false, + }, + ) + .unwrap_err(); + assert_eq!(err, PaymentError::NonPayable {}.into()); +} diff --git a/scripts/package.json b/scripts/package.json index c20fcf870..70eac465e 100644 --- a/scripts/package.json +++ b/scripts/package.json @@ -1,6 +1,7 @@ { "name": "scripts", "version": "1.0.0", + "license": "GPL-3.0-or-later", "scripts": { "deploy:osmosis-testnet": "yarn build && node build/deploy/osmosis/testIndex.js", "deploy:osmosis-mainnet": "yarn build && node build/deploy/osmosis/mainIndex.js",