From 49677b860ab4e3a66f23e98d6d8890b82f4e8803 Mon Sep 17 00:00:00 2001 From: larry <26318510+larry0x@users.noreply.github.com> Date: Wed, 8 Feb 2023 01:29:46 +0000 Subject: [PATCH 1/4] reject unexpected payments --- contracts/red-bank/src/contract.rs | 15 ++++-- contracts/red-bank/tests/test_payment.rs | 62 ++++++++++++++++++++++++ 2 files changed, 74 insertions(+), 3 deletions(-) create mode 100644 contracts/red-bank/tests/test_payment.rs diff --git a/contracts/red-bank/src/contract.rs b/contracts/red-bank/src/contract.rs index e467c5c76..7b68812ef 100644 --- a/contracts/red-bank/src/contract.rs +++ b/contracts/red-bank/src/contract.rs @@ -51,12 +51,18 @@ pub fn execute( denom, amount, recipient, - } => execute::withdraw(deps, env, info, denom, amount, recipient), + } => { + cw_utils::nonpayable(&info)?; + execute::withdraw(deps, env, info, denom, amount, recipient) + }, ExecuteMsg::Borrow { denom, amount, recipient, - } => execute::borrow(deps, env, info, denom, amount, recipient), + } => { + cw_utils::nonpayable(&info)?; + execute::borrow(deps, env, info, denom, amount, recipient) + }, ExecuteMsg::Repay { on_behalf_of, } => { @@ -84,7 +90,10 @@ pub fn execute( ExecuteMsg::UpdateAssetCollateralStatus { denom, enable, - } => execute::update_asset_collateral_status(deps, env, info, denom, enable), + } => { + cw_utils::nonpayable(&info)?; + execute::update_asset_collateral_status(deps, env, info, denom, enable) + }, } } diff --git a/contracts/red-bank/tests/test_payment.rs b/contracts/red-bank/tests/test_payment.rs new file mode 100644 index 000000000..dc5cef4ee --- /dev/null +++ b/contracts/red-bank/tests/test_payment.rs @@ -0,0 +1,62 @@ +mod helpers; + +use cosmwasm_std::{ + coins, + testing::{mock_env, mock_info}, + Uint128, +}; +use cw_utils::PaymentError; +use helpers::th_setup; +use mars_red_bank::contract; +use mars_red_bank_types::red_bank::ExecuteMsg; + +/// The Red Bank contract has 6 user-facing functions: deposit, withdraw, borrow, +/// repay, liquidate, and update_asset_collateral_status; amont these, 3 do not +/// expect the user to send any payment. This test verifies that they properly +/// reject if a user sends an expected payment. +/// +/// This is in response to this mainnet tx, where a user sends a payment with a +/// `withdraw` msg: +/// https://www.mintscan.io/osmosis/txs/2F214EE3A22DC93E61DE9A49BE616B317EB28AFC5E43B0AF07800AC7E6435522 +#[test] +fn rejecting_unexpected_payments() { + let mut deps = th_setup(&[]); + + let err = contract::execute( + deps.as_mut(), + mock_env(), + mock_info("larry", &coins(123, "uosmo")), + ExecuteMsg::Withdraw { + denom: "".into(), + amount: None, + recipient: None, + }, + ) + .unwrap_err(); + assert_eq!(err, PaymentError::NonPayable {}.into()); + + let err = contract::execute( + deps.as_mut(), + mock_env(), + mock_info("larry", &coins(234, "umars")), + ExecuteMsg::Borrow { + denom: "".into(), + amount: Uint128::zero(), + recipient: None, + }, + ) + .unwrap_err(); + assert_eq!(err, PaymentError::NonPayable {}.into()); + + let err = contract::execute( + deps.as_mut(), + mock_env(), + mock_info("larry", &coins(345, "uluna")), + ExecuteMsg::UpdateAssetCollateralStatus { + denom: "".into(), + enable: false, + }, + ) + .unwrap_err(); + assert_eq!(err, PaymentError::NonPayable {}.into()); +} From da4d3fc586ddc7db9907fbe34807500ee36901a2 Mon Sep 17 00:00:00 2001 From: larry <26318510+larry0x@users.noreply.github.com> Date: Wed, 8 Feb 2023 02:42:39 +0000 Subject: [PATCH 2/4] fix a borrow unit test --- contracts/red-bank/tests/test_borrow.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contracts/red-bank/tests/test_borrow.rs b/contracts/red-bank/tests/test_borrow.rs index cb83f7bc8..bef237ba9 100644 --- a/contracts/red-bank/tests/test_borrow.rs +++ b/contracts/red-bank/tests/test_borrow.rs @@ -945,7 +945,7 @@ fn cannot_borrow_if_market_not_enabled() { // Check error when borrowing not allowed on market let env = mock_env(MockEnvParams::default()); - let info = cosmwasm_std::testing::mock_info("borrower", &[coin(110000, "somecoin")]); + let info = cosmwasm_std::testing::mock_info("borrower", &[]); let msg = ExecuteMsg::Borrow { denom: "somecoin".to_string(), amount: Uint128::new(1000), From 2ae31eff357ef3ad304e215c3c78be88cff07674 Mon Sep 17 00:00:00 2001 From: larry <26318510+larry0x@users.noreply.github.com> Date: Wed, 8 Feb 2023 03:26:10 +0000 Subject: [PATCH 3/4] add license to package.json --- scripts/package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/package.json b/scripts/package.json index c20fcf870..70eac465e 100644 --- a/scripts/package.json +++ b/scripts/package.json @@ -1,6 +1,7 @@ { "name": "scripts", "version": "1.0.0", + "license": "GPL-3.0-or-later", "scripts": { "deploy:osmosis-testnet": "yarn build && node build/deploy/osmosis/testIndex.js", "deploy:osmosis-mainnet": "yarn build && node build/deploy/osmosis/mainIndex.js", From 3578de57c1a37004c0c20760f37d65d13f14756b Mon Sep 17 00:00:00 2001 From: Piotr Babel Date: Fri, 24 Mar 2023 15:58:30 +0100 Subject: [PATCH 4/4] Update schema. --- contracts/red-bank/src/contract.rs | 6 +++--- contracts/red-bank/tests/test_payment.rs | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/contracts/red-bank/src/contract.rs b/contracts/red-bank/src/contract.rs index 7b68812ef..cbbb0687b 100644 --- a/contracts/red-bank/src/contract.rs +++ b/contracts/red-bank/src/contract.rs @@ -54,7 +54,7 @@ pub fn execute( } => { cw_utils::nonpayable(&info)?; execute::withdraw(deps, env, info, denom, amount, recipient) - }, + } ExecuteMsg::Borrow { denom, amount, @@ -62,7 +62,7 @@ pub fn execute( } => { cw_utils::nonpayable(&info)?; execute::borrow(deps, env, info, denom, amount, recipient) - }, + } ExecuteMsg::Repay { on_behalf_of, } => { @@ -93,7 +93,7 @@ pub fn execute( } => { cw_utils::nonpayable(&info)?; execute::update_asset_collateral_status(deps, env, info, denom, enable) - }, + } } } diff --git a/contracts/red-bank/tests/test_payment.rs b/contracts/red-bank/tests/test_payment.rs index dc5cef4ee..588997c7a 100644 --- a/contracts/red-bank/tests/test_payment.rs +++ b/contracts/red-bank/tests/test_payment.rs @@ -11,7 +11,7 @@ use mars_red_bank::contract; use mars_red_bank_types::red_bank::ExecuteMsg; /// The Red Bank contract has 6 user-facing functions: deposit, withdraw, borrow, -/// repay, liquidate, and update_asset_collateral_status; amont these, 3 do not +/// repay, liquidate, and update_asset_collateral_status; amount these, 3 do not /// expect the user to send any payment. This test verifies that they properly /// reject if a user sends an expected payment. ///