wasm/tx: insert_verifier from txs where needed

crates/tx_prelude/src/proof_of_stake.rs

@@ -26,6 +26,10 @@ impl Ctx {
         validator: &Address,
         amount: token::Amount,
     ) -> TxResult {
+        // The tx must be authorized by the source address
+        let verifier = source.as_ref().unwrap_or(&validator);
+        self.insert_verifier(verifier)?;
+
         let current_epoch = self.get_block_epoch()?;
         bond_tokens(self, source, validator, amount, current_epoch, None)
     }
@@ -39,6 +43,10 @@ impl Ctx {
         validator: &Address,
         amount: token::Amount,
     ) -> EnvResult<ResultSlashing> {
+        // The tx must be authorized by the source address
+        let verifier = source.as_ref().unwrap_or(&validator);
+        self.insert_verifier(verifier)?;
+
         let current_epoch = self.get_block_epoch()?;
         unbond_tokens(self, source, validator, amount, current_epoch, false)
     }
@@ -51,6 +59,10 @@ impl Ctx {
         source: Option<&Address>,
         validator: &Address,
     ) -> EnvResult<token::Amount> {
+        // The tx must be authorized by the source address
+        let verifier = source.as_ref().unwrap_or(&validator);
+        self.insert_verifier(verifier)?;
+
         let current_epoch = self.get_block_epoch()?;
         withdraw_tokens(self, source, validator, current_epoch)
     }
@@ -61,6 +73,9 @@ impl Ctx {
         validator: &Address,
         consensus_key: &common::PublicKey,
     ) -> TxResult {
+        // The tx must be authorized by the source address
+        self.insert_verifier(validator)?;
+
         let current_epoch = self.get_block_epoch()?;
         change_consensus_key(self, validator, consensus_key, current_epoch)
     }
@@ -71,12 +86,18 @@ impl Ctx {
         validator: &Address,
         rate: &Dec,
     ) -> TxResult {
+        // The tx must be authorized by the source address
+        self.insert_verifier(validator)?;
+
         let current_epoch = self.get_block_epoch()?;
         change_validator_commission_rate(self, validator, *rate, current_epoch)
     }
 
     /// Unjail a jailed validator and re-enter the validator sets.
     pub fn unjail_validator(&mut self, validator: &Address) -> TxResult {
+        // The tx must be authorized by the source address
+        self.insert_verifier(validator)?;
+
         let current_epoch = self.get_block_epoch()?;
         unjail_validator(self, validator, current_epoch)
     }
@@ -89,6 +110,9 @@ impl Ctx {
         dest_validator: &Address,
         amount: token::Amount,
     ) -> TxResult {
+        // The tx must be authorized by the source address
+        self.insert_verifier(owner)?;
+
         let current_epoch = self.get_block_epoch()?;
         redelegate_tokens(
             self,
@@ -106,6 +130,10 @@ impl Ctx {
         source: Option<&Address>,
         validator: &Address,
     ) -> EnvResult<token::Amount> {
+        // The tx must be authorized by the source address
+        let verifier = source.as_ref().unwrap_or(&validator);
+        self.insert_verifier(verifier)?;
+
         let current_epoch = self.get_block_epoch()?;
         claim_reward_tokens(self, source, validator, current_epoch)
     }
@@ -134,6 +162,9 @@ impl Ctx {
         let eth_hot_key = key::common::PublicKey::Secp256k1(eth_hot_key);
         let params = read_pos_params(self)?;
 
+        // The tx must be authorized by the source address
+        self.insert_verifier(&address)?;
+
         become_validator(
             self,
             namada_proof_of_stake::BecomeValidator {
@@ -162,12 +193,18 @@ impl Ctx {
 
     /// Deactivate validator
     pub fn deactivate_validator(&mut self, validator: &Address) -> TxResult {
+        // The tx must be authorized by the source address
+        self.insert_verifier(validator)?;
+
         let current_epoch = self.get_block_epoch()?;
         deactivate_validator(self, validator, current_epoch)
     }
 
     /// Reactivate validator
     pub fn reactivate_validator(&mut self, validator: &Address) -> TxResult {
+        // The tx must be authorized by the source address
+        self.insert_verifier(validator)?;
+
         let current_epoch = self.get_block_epoch()?;
         reactivate_validator(self, validator, current_epoch)
     }
@@ -184,6 +221,9 @@ impl Ctx {
         avatar: Option<String>,
         commission_rate: Option<Dec>,
     ) -> TxResult {
+        // The tx must be authorized by the source address
+        self.insert_verifier(validator)?;
+
         let current_epoch = self.get_block_epoch()?;
         change_validator_metadata(
             self,

crates/tx_prelude/src/token.rs

@@ -4,6 +4,7 @@ use namada_proof_of_stake::token::storage_key::{
 };
 use namada_storage::{Error as StorageError, ResultExt};
 pub use namada_token::*;
+use namada_tx_env::TxEnv;
 
 use crate::{Ctx, StorageRead, StorageWrite, TxResult};
 
@@ -16,6 +17,9 @@ pub fn transfer(
     token: &Address,
     amount: DenominatedAmount,
 ) -> TxResult {
+    // The tx must be authorized by the source address
+    ctx.insert_verifier(src)?;
+
     let amount = denom_to_amount(amount, token, ctx)?;
     if amount != Amount::default() && src != dest {
         let src_key = balance_key(token, src);
@@ -41,6 +45,9 @@ pub fn undenominated_transfer(
     token: &Address,
     amount: Amount,
 ) -> TxResult {
+    // The tx must be authorized by the source address
+    ctx.insert_verifier(src)?;
+
     if amount != Amount::default() && src != dest {
         let src_key = balance_key(token, src);
         let dest_key = balance_key(token, dest);

wasm/wasm_source/src/tx_init_proposal.rs

@@ -11,6 +11,9 @@ fn apply_tx(ctx: &mut Ctx, tx: Tx) -> TxResult {
     let tx_data = governance::InitProposalData::try_from_slice(&data[..])
         .wrap_err("failed to decode InitProposalData")?;
 
+    // The tx must be authorized by the author address
+    ctx.insert_verifier(&tx_data.author)?;
+
     // Get the content from the referred to section
     let content = tx
         .get_section(&tx_data.content)

wasm/wasm_source/src/tx_resign_steward.rs

@@ -12,6 +12,9 @@ fn apply_tx(ctx: &mut Ctx, tx_data: Tx) -> TxResult {
     let steward_address = Address::try_from_slice(&data[..])
         .wrap_err("failed to decode an Address")?;
 
+    // The tx must be authorized by the source address
+    ctx.insert_verifier(&steward_address)?;
+
     pgf::remove_steward(ctx, &steward_address)?;
 
     Ok(())

wasm/wasm_source/src/tx_update_account.rs

@@ -17,6 +17,9 @@ fn apply_tx(ctx: &mut Ctx, tx: Tx) -> TxResult {
     let owner = &tx_data.addr;
     debug_log!("update VP for: {:#?}", tx_data.addr);
 
+    // The tx must be authorized by the source address
+    ctx.insert_verifier(owner)?;
+
     if let Some(hash) = tx_data.vp_code_hash {
         let vp_code_sec = signed
             .get_section(&hash)

wasm/wasm_source/src/tx_update_steward_commission.rs

@@ -13,6 +13,9 @@ fn apply_tx(ctx: &mut Ctx, tx_data: Tx) -> TxResult {
     let steward_commission = UpdateStewardCommission::try_from_slice(&data[..])
         .wrap_err("failed to decode an UpdateStewardCommission")?;
 
+    // The tx must be authorized by the source address
+    ctx.insert_verifier(&steward_commission.steward)?;
+
     pgf::update_steward_commission(ctx, steward_commission)?;
 
     Ok(())

wasm/wasm_source/src/tx_vote_proposal.rs

@@ -12,6 +12,9 @@ fn apply_tx(ctx: &mut Ctx, tx_data: Tx) -> TxResult {
     let tx_data = governance::VoteProposalData::try_from_slice(&data[..])
         .wrap_err("failed to decode VoteProposalData")?;
 
+    // The tx must be authorized by the source address
+    ctx.insert_verifier(&tx_data.voter)?;
+
     debug_log!("apply_tx called to vote a governance proposal");
 
     governance::vote_proposal(ctx, tx_data)