From fe4a55eaf4d0fd9b17056ca414f463d277a8927c Mon Sep 17 00:00:00 2001
From: Jeremy Liu <31809888+NotJeremyLiu@users.noreply.github.com>
Date: Thu, 6 Jul 2023 16:05:46 -0400
Subject: [PATCH] =?UTF-8?q?=E2=9A=A1=EF=B8=8F=20Use=20an=20addr=20instead?=
 =?UTF-8?q?=20of=20str=20for=20map=20key?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- avoid any issues with upper/lower case that can cause a bypass of the blocked address list
---
 contracts/entry-point/src/contract.rs                       | 6 +++---
 contracts/entry-point/src/execute.rs                        | 4 ++--
 contracts/entry-point/src/state.rs                          | 2 +-
 .../entry-point/tests/test_execute_post_swap_action.rs      | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/contracts/entry-point/src/contract.rs b/contracts/entry-point/src/contract.rs
index 539d0367..09826a26 100644
--- a/contracts/entry-point/src/contract.rs
+++ b/contracts/entry-point/src/contract.rs
@@ -24,7 +24,7 @@ pub fn instantiate(
     let mut response: Response = Response::new().add_attribute("action", "instantiate");
 
     // Insert the entry point contract address into the blocked contract addresses map
-    BLOCKED_CONTRACT_ADDRESSES.save(deps.storage, env.contract.address.as_str(), &())?;
+    BLOCKED_CONTRACT_ADDRESSES.save(deps.storage, &env.contract.address, &())?;
 
     // Iterate through the swap venues provided and create a map of venue names to swap adapter contract addresses
     for swap_venue in msg.swap_venues.iter() {
@@ -46,7 +46,7 @@ pub fn instantiate(
         )?;
 
         // Insert the swap contract address into the blocked contract addresses map
-        BLOCKED_CONTRACT_ADDRESSES.save(deps.storage, &swap_venue.adapter_contract_address, &())?;
+        BLOCKED_CONTRACT_ADDRESSES.save(deps.storage, &checked_swap_contract_address, &())?;
 
         // Add the swap venue and contract address to the response
         response = response
@@ -63,7 +63,7 @@ pub fn instantiate(
     IBC_TRANSFER_CONTRACT_ADDRESS.save(deps.storage, &checked_ibc_transfer_contract_address)?;
 
     // Insert the ibc transfer adapter contract address into the blocked contract addresses map
-    BLOCKED_CONTRACT_ADDRESSES.save(deps.storage, &msg.ibc_transfer_contract_address, &())?;
+    BLOCKED_CONTRACT_ADDRESSES.save(deps.storage, &checked_ibc_transfer_contract_address, &())?;
 
     // Add the ibc transfer adapter contract address to the response
     response = response
diff --git a/contracts/entry-point/src/execute.rs b/contracts/entry-point/src/execute.rs
index acd18c7a..21c4c9f6 100644
--- a/contracts/entry-point/src/execute.rs
+++ b/contracts/entry-point/src/execute.rs
@@ -326,10 +326,10 @@ fn verify_and_create_contract_call_msg(
     transfer_out_coin: Coin,
 ) -> ContractResult<WasmMsg> {
     // Verify the contract address is valid, error if invalid
-    deps.api.addr_validate(&contract_address)?;
+    let checked_contract_address = deps.api.addr_validate(&contract_address)?;
 
     // Error if the contract address is in the blocked contract addresses map
-    if BLOCKED_CONTRACT_ADDRESSES.has(deps.storage, &contract_address) {
+    if BLOCKED_CONTRACT_ADDRESSES.has(deps.storage, &checked_contract_address) {
         return Err(ContractError::ContractCallAddressBlocked);
     }
 
diff --git a/contracts/entry-point/src/state.rs b/contracts/entry-point/src/state.rs
index ce937c1c..f16433d8 100644
--- a/contracts/entry-point/src/state.rs
+++ b/contracts/entry-point/src/state.rs
@@ -1,6 +1,6 @@
 use cosmwasm_std::Addr;
 use cw_storage_plus::{Item, Map};
 
-pub const BLOCKED_CONTRACT_ADDRESSES: Map<&str, ()> = Map::new("blocked_contract_addresses");
+pub const BLOCKED_CONTRACT_ADDRESSES: Map<&Addr, ()> = Map::new("blocked_contract_addresses");
 pub const SWAP_VENUE_MAP: Map<&str, Addr> = Map::new("swap_venue_map");
 pub const IBC_TRANSFER_CONTRACT_ADDRESS: Item<Addr> = Item::new("ibc_transfer_contract_address");
diff --git a/contracts/entry-point/tests/test_execute_post_swap_action.rs b/contracts/entry-point/tests/test_execute_post_swap_action.rs
index 0538a947..17b104c4 100644
--- a/contracts/entry-point/tests/test_execute_post_swap_action.rs
+++ b/contracts/entry-point/tests/test_execute_post_swap_action.rs
@@ -553,7 +553,7 @@ fn test_execute_post_swap_action(params: Params) {
 
     // Store the entry point contract address in the blocked contract addresses map
     BLOCKED_CONTRACT_ADDRESSES
-        .save(deps.as_mut().storage, "entry_point", &())
+        .save(deps.as_mut().storage, &Addr::unchecked("entry_point"), &())
         .unwrap();
 
     // Call execute_post_swap_action with the given test parameters