From f31e30832aa198df1e1d26c22da58a1468b56645 Mon Sep 17 00:00:00 2001
From: librelois <c@elo.tf>
Date: Sun, 10 Jul 2022 15:51:38 +0200
Subject: [PATCH] fix(proxy): some calls should never be authorized from proxy
---
 runtime/g1/src/lib.rs | 12 +++++++++---
 runtime/gdev/src/lib.rs | 12 +++++++++---
 runtime/gdev/tests/integration_tests.rs | 2 +-
 runtime/gtest/src/lib.rs | 12 +++++++++---
 4 files changed, 28 insertions(+), 10 deletions(-)
diff --git a/runtime/g1/src/lib.rs b/runtime/g1/src/lib.rs
index 75f12540d..5a28e63f1 100644
--- a/runtime/g1/src/lib.rs
+++ b/runtime/g1/src/lib.rs
@@ -159,19 +159,25 @@ impl Contains<Call> for BaseCallFilter {
 )]
 #[allow(clippy::unnecessary_cast)]
 pub enum ProxyType {
- Any = 0,
+ AlmostAny = 0,
 TransferOnly = 1,
 CancelProxy = 2,
 }
 impl Default for ProxyType {
 fn default() -> Self {
- Self::Any
+ Self::AlmostAny
 }
 }
 impl frame_support::traits::InstanceFilter<Call> for ProxyType {
 fn filter(&self, c: &Call) -> bool {
 match self {
- ProxyType::Any => true,
+ ProxyType::AlmostAny => {
+ // Some calls are never authorized from a proxied account
+ !matches!(
+ c,
+ Call::Cert(..) | Call::Identity(..) | Call::SmithsCert(..)
+ )
+ }
 ProxyType::TransferOnly => {
 matches!(c, Call::Balances(..) | Call::UniversalDividend(..))
 }
diff --git a/runtime/gdev/src/lib.rs b/runtime/gdev/src/lib.rs
index 6e574292b..f350f9f2b 100644
--- a/runtime/gdev/src/lib.rs
+++ b/runtime/gdev/src/lib.rs
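Review bot: The new `ProxyType::AlmostAny` arm in `runtime/g1/src/lib.rs` is a denylist, `!matches!(c, Call::Cert(..) | Call::Identity(..) | Call::SmithsCert(..))`, so every call variant not named there, including any pallet added to the runtime later, stays reachable through a proxy by default. The one-line comment does not name the excluded pallets' rationale or say that the list must be revisited when the call set changes; I would replace it with `// Denylist: Cert, Identity and SmithsCert calls are rejected for every proxy; re-check this list whenever a pallet is added to the runtime.` and add a `///` line on the `AlmostAny` variant saying the same. The identical arm is copied into the `runtime/gdev/src/lib.rs` and `runtime/gtest/src/lib.rs` hunks, so the three lists can drift apart; one shared helper called from all three `filter` implementations would keep them in step. The `match` in `filter` continues past the end of the hunk, so the remaining arms are not reviewed here.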
@@ -181,20 +181,26 @@ impl Contains<Call> for BaseCallFilter {
 )]
 #[allow(clippy::unnecessary_cast)]
 pub enum ProxyType {
- Any = 0,
+ AlmostAny = 0,
 TransferOnly = 1,
 CancelProxy = 2,
 SmithsCollectivePropose = 3,
 }
 impl Default for ProxyType {
 fn default() -> Self {
- Self::Any
+ Self::AlmostAny
 }
 }
 impl frame_support::traits::InstanceFilter<Call> for ProxyType {
 fn filter(&self, c: &Call) -> bool {
 match self {
- ProxyType::Any => true,
+ ProxyType::AlmostAny => {
+ // Some calls are never authorized from a proxied account
+ !matches!(
+ c,
+ Call::Cert(..) | Call::Identity(..) | Call::SmithsCert(..)
+ )
+ }
 ProxyType::TransferOnly => {
 matches!(c, Call::Balances(..) | Call::UniversalDividend(..))
 }
diff --git a/runtime/gdev/tests/integration_tests.rs b/runtime/gdev/tests/integration_tests.rs
index 3cad420ec..5c8c50df9 100644
--- a/runtime/gdev/tests/integration_tests.rs
+++ b/runtime/gdev/tests/integration_tests.rs
@@ -71,7 +71,7 @@ fn verify_pallet_indices() {
 #[test]
 fn verify_proxy_type_indices() {
- assert_eq!(ProxyType::Any as u8, 0);
+ assert_eq!(ProxyType::AlmostAny as u8, 0);
 }
 #[test]
diff --git a/runtime/gtest/src/lib.rs b/runtime/gtest/src/lib.rs
index 43c84ab9e..0c534e3a5 100644
--- a/runtime/gtest/src/lib.rs
+++ b/runtime/gtest/src/lib.rs
@@ -160,19 +160,25 @@ impl Contains<Call> for BaseCallFilter {
 )]
 #[allow(clippy::unnecessary_cast)]
 pub enum ProxyType {
- Any = 0,
+ AlmostAny = 0,
 TransferOnly = 1,
 CancelProxy = 2,
 }
 impl Default for ProxyType {
 fn default() -> Self {
- Self::Any
+ Self::AlmostAny
 }
 }
 impl frame_support::traits::InstanceFilter<Call> for ProxyType {
 fn filter(&self, c: &Call) -> bool {
 match self {
- ProxyType::Any => true,
+ ProxyType::AlmostAny => {
+ // Some calls are never authorized from a proxied account
+ !matches!(
+ c,
+ Call::Cert(..) | Call::Identity(..) | Call::SmithsCert(..)
+ )
+ }
 ProxyType::TransferOnly => {
 matches!(c, Call::Balances(..) | Call::UniversalDividend(..))
 }
-- GitLab
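Review bot: The new `ProxyType::AlmostAny` arm in `runtime/gdev/src/lib.rs` has no test covering what it rejects: the only test this commit touches, `verify_proxy_type_indices`, pins the discriminant and would still pass if the arm returned `true`. A regression test beside it should assert both sides of the filter, for example `assert!(!ProxyType::AlmostAny.filter(&identity_call));` and `assert!(ProxyType::AlmostAny.filter(&balances_call));`, where `identity_call` and `balances_call` are placeholder names for a `Call::Identity(..)` and a `Call::Balances(..)` value built in the test. Because variant 0 keeps its index, proxies already stored as type 0 presumably change from unrestricted to restricted on upgrade; that is worth stating in the commit message or changelog so the change in meaning is visible to account owners.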