From 2550d2dd3e4510002864d8c9bc5d7fb41b7f16a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Zemanovi=C4=8D?=
Date: Wed, 20 Mar 2024 14:24:19 +0000
Subject: [PATCH] wasm/tx: insert_verifier from txs where needed
---
 crates/tx_prelude/src/proof_of_stake.rs | 40 +++++++++++++++++++
 crates/tx_prelude/src/token.rs | 7 ++++
 wasm/wasm_source/src/tx_init_proposal.rs | 3 ++
 wasm/wasm_source/src/tx_resign_steward.rs | 3 ++
 wasm/wasm_source/src/tx_update_account.rs | 3 ++
 .../src/tx_update_steward_commission.rs | 3 ++
 wasm/wasm_source/src/tx_vote_proposal.rs | 3 ++
 7 files changed, 62 insertions(+)
diff --git a/crates/tx_prelude/src/proof_of_stake.rs b/crates/tx_prelude/src/proof_of_stake.rs
index 8e372722c7..18d748315d 100644
--- a/crates/tx_prelude/src/proof_of_stake.rs
+++ b/crates/tx_prelude/src/proof_of_stake.rs
@@ -26,6 +26,10 @@ impl Ctx {
 validator: &Address,
 amount: token::Amount,
 ) -> TxResult {
+ // The tx must be authorized by the source address
+ let verifier = source.as_ref().unwrap_or(&validator);
+ self.insert_verifier(verifier)?;
+
 let current_epoch = self.get_block_epoch()?;
 bond_tokens(self, source, validator, amount, current_epoch, None)
 }
@@ -39,6 +43,10 @@ impl Ctx {
 validator: &Address,
 amount: token::Amount,
 ) -> EnvResult {
+ // The tx must be authorized by the source address
+ let verifier = source.as_ref().unwrap_or(&validator);
+ self.insert_verifier(verifier)?;
+
 let current_epoch = self.get_block_epoch()?;
 unbond_tokens(self, source, validator, amount, current_epoch, false)
 }
@@ -51,6 +59,10 @@ impl Ctx {
 source: Option<&Address>,
 validator: &Address,
 ) -> EnvResult {
+ // The tx must be authorized by the source address
+ let verifier = source.as_ref().unwrap_or(&validator);
+ self.insert_verifier(verifier)?;
+
 let current_epoch = self.get_block_epoch()?;
 withdraw_tokens(self, source, validator, current_epoch)
 }
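Review bot: In the `bond_tokens` hunk, `let verifier = source.as_ref().unwrap_or(&validator);` builds an `Option<&&Address>` and only reaches `insert_verifier` through auto-deref. The withdraw hunk's signature shows `source: Option<&Address>` (presumably the same here, since the signature starts outside this hunk), and `Option<&Address>` is `Copy`, so `let verifier = source.unwrap_or(validator);` expresses the same choice with one level of reference and leaves `source` usable for the call below. The identical line appears in the unbond, withdraw and claim-reward hunks. Because this fallback decides which account has to authorise the tx, I would also state it in each method's doc comment: when `source` is `None`, the validator itself is inserted as the verifier.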
@@ -61,6 +73,9 @@ impl Ctx {
 validator: &Address,
 consensus_key: &common::PublicKey,
 ) -> TxResult {
+ // The tx must be authorized by the source address
+ self.insert_verifier(validator)?;
+
 let current_epoch = self.get_block_epoch()?;
 change_consensus_key(self, validator, consensus_key, current_epoch)
 }
@@ -71,12 +86,18 @@ impl Ctx {
 validator: &Address,
 rate: &Dec,
 ) -> TxResult {
+ // The tx must be authorized by the source address
+ self.insert_verifier(validator)?;
+
 let current_epoch = self.get_block_epoch()?;
 change_validator_commission_rate(self, validator, *rate, current_epoch)
 }
 /// Unjail a jailed validator and re-enter the validator sets.
 pub fn unjail_validator(&mut self, validator: &Address) -> TxResult {
+ // The tx must be authorized by the source address
+ self.insert_verifier(validator)?;
+
 let current_epoch = self.get_block_epoch()?;
 unjail_validator(self, validator, current_epoch)
 }
@@ -89,6 +110,9 @@ impl Ctx {
 dest_validator: &Address,
 amount: token::Amount,
 ) -> TxResult {
+ // The tx must be authorized by the source address
+ self.insert_verifier(owner)?;
+
 let current_epoch = self.get_block_epoch()?;
 redelegate_tokens(
 self,
@@ -106,6 +130,10 @@ impl Ctx {
 source: Option<&Address>,
 validator: &Address,
 ) -> EnvResult {
+ // The tx must be authorized by the source address
+ let verifier = source.as_ref().unwrap_or(&validator);
+ self.insert_verifier(verifier)?;
+
 let current_epoch = self.get_block_epoch()?;
 claim_reward_tokens(self, source, validator, current_epoch)
 }
@@ -134,6 +162,9 @@ impl Ctx {
 let eth_hot_key = key::common::PublicKey::Secp256k1(eth_hot_key);
 let params = read_pos_params(self)?;
+ // The tx must be authorized by the source address
+ self.insert_verifier(&address)?;
+
 become_validator(
 self,
 namada_proof_of_stake::BecomeValidator {
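Review bot: The comment added in `change_consensus_key` says the tx "must be authorized by the source address", but this method has no source parameter and the address passed to `insert_verifier` is `validator`. The same copied comment sits above `insert_verifier(validator)` in the commission-rate, unjail, deactivate, reactivate and metadata hunks, above `insert_verifier(owner)` in the redelegation hunk, above `insert_verifier(&address)` in become_validator, and in the tx_resign_steward, tx_update_account, tx_update_steward_commission and tx_vote_proposal hunks. These comments are the only in-code statement of whose authorisation each operation requires, so I would name the actual role in each, e.g. `// The tx must be authorized by the validator address` here and `// The tx must be authorized by the delegation owner` for redelegation, the way the tx_init_proposal hunk already says "author address".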
@@ -162,12 +193,18 @@ impl Ctx {
 /// Deactivate validator
 pub fn deactivate_validator(&mut self, validator: &Address) -> TxResult {
+ // The tx must be authorized by the source address
+ self.insert_verifier(validator)?;
+
 let current_epoch = self.get_block_epoch()?;
 deactivate_validator(self, validator, current_epoch)
 }
 /// Reactivate validator
 pub fn reactivate_validator(&mut self, validator: &Address) -> TxResult {
+ // The tx must be authorized by the source address
+ self.insert_verifier(validator)?;
+
 let current_epoch = self.get_block_epoch()?;
 reactivate_validator(self, validator, current_epoch)
 }
@@ -184,6 +221,9 @@ impl Ctx {
 avatar: Option,
 commission_rate: Option,
 ) -> TxResult {
+ // The tx must be authorized by the source address
+ self.insert_verifier(validator)?;
+
 let current_epoch = self.get_block_epoch()?;
 change_validator_metadata(
 self,
diff --git a/crates/tx_prelude/src/token.rs b/crates/tx_prelude/src/token.rs
index a42794e8bb..65d2d16396 100644
--- a/crates/tx_prelude/src/token.rs
+++ b/crates/tx_prelude/src/token.rs
@@ -4,6 +4,7 @@ use namada_proof_of_stake::token::storage_key::{
 };
 use namada_storage::{Error as StorageError, ResultExt};
 pub use namada_token::*;
+use namada_tx_env::TxEnv;
 use crate::{Ctx, StorageRead, StorageWrite, TxResult};
@@ -16,6 +17,9 @@ pub fn transfer(
 token: &Address,
 amount: DenominatedAmount,
 ) -> TxResult {
+ // The tx must be authorized by the source address
+ ctx.insert_verifier(src)?;
+
 let amount = denom_to_amount(amount, token, ctx)?;
 if amount != Amount::default() && src != dest {
 let src_key = balance_key(token, src);
@@ -41,6 +45,9 @@ pub fn undenominated_transfer(
 token: &Address,
 amount: Amount,
 ) -> TxResult {
+ // The tx must be authorized by the source address
+ ctx.insert_verifier(src)?;
+
 if amount != Amount::default() && src != dest {
 let src_key = balance_key(token, src);
 let dest_key = balance_key(token, dest);
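Review bot: `transfer` now calls `ctx.insert_verifier(src)?;` unconditionally, ahead of the `amount != Amount::default() && src != dest` guard, and the function's doc comment (outside the hunk, so I cannot see whether it exists) is not updated to say so. This is a change to the public contract of the helper: every caller, including ones that end up moving nothing, now makes `src` a required verifier, and a caller that passes a `src` other than the tx signer will presumably be rejected unless that account accepts the tx. I would record that on the function, e.g. `/// Inserts the source address as a tx verifier, so the source account must authorize the tx.`, and do the same for `undenominated_transfer`, whose hunk has the same gap.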
diff --git a/wasm/wasm_source/src/tx_init_proposal.rs b/wasm/wasm_source/src/tx_init_proposal.rs
index dd7018a399..5c6614dd79 100644
--- a/wasm/wasm_source/src/tx_init_proposal.rs
+++ b/wasm/wasm_source/src/tx_init_proposal.rs
@@ -11,6 +11,9 @@ fn apply_tx(ctx: &mut Ctx, tx: Tx) -> TxResult {
 let tx_data = governance::InitProposalData::try_from_slice(&data[..])
 .wrap_err("failed to decode InitProposalData")?;
+ // The tx must be authorized by the author address
+ ctx.insert_verifier(&tx_data.author)?;
+
 // Get the content from the referred to section
 let content = tx
 .get_section(&tx_data.content)
diff --git a/wasm/wasm_source/src/tx_resign_steward.rs b/wasm/wasm_source/src/tx_resign_steward.rs
index 10d8045895..2421639484 100644
--- a/wasm/wasm_source/src/tx_resign_steward.rs
+++ b/wasm/wasm_source/src/tx_resign_steward.rs
@@ -12,6 +12,9 @@ fn apply_tx(ctx: &mut Ctx, tx_data: Tx) -> TxResult {
 let steward_address = Address::try_from_slice(&data[..])
 .wrap_err("failed to decode an Address")?;
+ // The tx must be authorized by the source address
+ ctx.insert_verifier(&steward_address)?;
+
 pgf::remove_steward(ctx, &steward_address)?;
 Ok(())
diff --git a/wasm/wasm_source/src/tx_update_account.rs b/wasm/wasm_source/src/tx_update_account.rs
index 86038ab489..cdba3bee6e 100644
--- a/wasm/wasm_source/src/tx_update_account.rs
+++ b/wasm/wasm_source/src/tx_update_account.rs
@@ -17,6 +17,9 @@ fn apply_tx(ctx: &mut Ctx, tx: Tx) -> TxResult {
 let owner = &tx_data.addr;
 debug_log!("update VP for: {:#?}", tx_data.addr);
+ // The tx must be authorized by the source address
+ ctx.insert_verifier(owner)?;
+
 if let Some(hash) = tx_data.vp_code_hash {
 let vp_code_sec = signed
 .get_section(&hash)
diff --git a/wasm/wasm_source/src/tx_update_steward_commission.rs b/wasm/wasm_source/src/tx_update_steward_commission.rs
index 164414bcd8..748a53943f 100644
--- a/wasm/wasm_source/src/tx_update_steward_commission.rs
+++ b/wasm/wasm_source/src/tx_update_steward_commission.rs
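Review bot: No test accompanies the new `ctx.insert_verifier(&tx_data.author)?;` in tx_init_proposal's `apply_tx`; the 62 insertions in the diffstat are all verifier calls, their comments and one import. Each of these calls decides which account must authorise a tx, so a later refactor that drops one would presumably loosen authorisation without any test failing. I would add to the tests of each tx (here and in tx_resign_steward, tx_update_account, tx_update_steward_commission and tx_vote_proposal) an assertion that, after `apply_tx` runs, the verifier set contains the expected address: author, steward, account owner and voter respectively. If the existing tests in these files already inspect the verifier set, extending them to the newly inserted addresses is enough.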
@@ -13,6 +13,9 @@ fn apply_tx(ctx: &mut Ctx, tx_data: Tx) -> TxResult {
 let steward_commission = UpdateStewardCommission::try_from_slice(&data[..])
 .wrap_err("failed to decode an UpdateStewardCommission")?;
+ // The tx must be authorized by the source address
+ ctx.insert_verifier(&steward_commission.steward)?;
+
 pgf::update_steward_commission(ctx, steward_commission)?;
 Ok(())
diff --git a/wasm/wasm_source/src/tx_vote_proposal.rs b/wasm/wasm_source/src/tx_vote_proposal.rs
index bd68cd0c73..1b41e5b1eb 100644
--- a/wasm/wasm_source/src/tx_vote_proposal.rs
+++ b/wasm/wasm_source/src/tx_vote_proposal.rs
@@ -12,6 +12,9 @@ fn apply_tx(ctx: &mut Ctx, tx_data: Tx) -> TxResult {
 let tx_data = governance::VoteProposalData::try_from_slice(&data[..])
 .wrap_err("failed to decode VoteProposalData")?;
+ // The tx must be authorized by the source address
+ ctx.insert_verifier(&tx_data.voter)?;
+
 debug_log!("apply_tx called to vote a governance proposal");
 governance::vote_proposal(ctx, tx_data)