Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Disallow using existing TSS account IDs in Staking pallet #657

Merged
merged 6 commits into from
Mar 4, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ At the moment this project **does not** adhere to
- Change test-cli default access mode and update readme for recent changes ([#643](https://github.com/entropyxyz/entropy-core/pull/643))
- Test CLI - dont send hardcoded auxiliary data by default when signing ([#614](https://github.com/entropyxyz/entropy-core/pull/614))
- Add proactive refresh keys on-chain ([#629](https://github.com/entropyxyz/entropy-core/pull/629))
- Disallow using existing TSS account IDs in Staking pallet #657 ([#657](https://github.com/entropyxyz/entropy-core/pull/657))

## [0.0.10](https://github.com/entropyxyz/entropy-core/compare/release/v0.0.9...release/v0.0.10) - 2024-01-24

Expand Down
12 changes: 12 additions & 0 deletions pallets/staking/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -222,6 +222,7 @@ pub mod pallet {
NoThresholdKey,
InvalidValidatorId,
SigningGroupError,
TssAccountAlreadyExists,
}

#[pallet::event]
Expand Down Expand Up @@ -288,6 +289,11 @@ pub mod pallet {
tss_account: T::AccountId,
x25519_public_key: X25519PublicKey,
) -> DispatchResult {
ensure!(
!ThresholdToStash::<T>::contains_key(&tss_account),
Error::<T>::TssAccountAlreadyExists
);

let who = ensure_signed(origin)?;
let stash = Self::get_stash(&who)?;
let validator_id = <T as pallet_session::Config>::ValidatorId::try_from(stash)
Expand Down Expand Up @@ -351,6 +357,12 @@ pub mod pallet {
endpoint.len() as u32 <= T::MaxEndpointLength::get(),
Error::<T>::EndpointTooLong
);

ensure!(
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: I would move this under the other ensure! check. Keeps those assertions close together and lets us bail earlier

!ThresholdToStash::<T>::contains_key(&tss_account),
Error::<T>::TssAccountAlreadyExists
);

let stash = Self::get_stash(&who)?;
pallet_staking::Pallet::<T>::validate(origin, prefs)?;
let validator_id = <T as pallet_session::Config>::ValidatorId::try_from(stash)
Expand Down
93 changes: 92 additions & 1 deletion pallets/staking/src/tests.rs
Original file line number Diff line number Diff line change
Expand Up @@ -74,14 +74,49 @@ fn it_takes_in_an_endpoint() {
RuntimeOrigin::signed(4),
pallet_staking::ValidatorPrefs::default(),
vec![20, 20],
3,
5,
NULL_ARR
),
Error::<Test>::NotController
);
});
}

#[test]
fn it_will_not_allow_validator_to_use_existing_tss_account() {
new_test_ext().execute_with(|| {
assert_ok!(FrameStaking::bond(
RuntimeOrigin::signed(1),
100u64,
pallet_staking::RewardDestination::Account(1),
));
assert_ok!(Staking::validate(
RuntimeOrigin::signed(1),
pallet_staking::ValidatorPrefs::default(),
vec![20],
3,
NULL_ARR
));

// Attempt to call validate with a TSS account which already exists
assert_ok!(FrameStaking::bond(
RuntimeOrigin::signed(2),
100u64,
pallet_staking::RewardDestination::Account(2),
));
assert_noop!(
Staking::validate(
RuntimeOrigin::signed(2),
pallet_staking::ValidatorPrefs::default(),
vec![20],
3,
NULL_ARR
),
Error::<Test>::TssAccountAlreadyExists
);
Comment on lines +102 to +116
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd move this into its own test just to make sure we can isolate the original issue

});
}

#[test]
fn it_changes_endpoint() {
new_test_ext().execute_with(|| {
Expand Down Expand Up @@ -132,6 +167,62 @@ fn it_changes_threshold_account() {
Staking::change_threshold_accounts(RuntimeOrigin::signed(4), 5, NULL_ARR),
Error::<Test>::NotController
);

// Check that we cannot change to a TSS account which already exists
assert_ok!(FrameStaking::bond(
RuntimeOrigin::signed(2),
100u64,
pallet_staking::RewardDestination::Account(2),
));
assert_ok!(Staking::validate(
RuntimeOrigin::signed(2),
pallet_staking::ValidatorPrefs::default(),
vec![20],
5,
NULL_ARR
));

assert_noop!(
Staking::change_threshold_accounts(RuntimeOrigin::signed(1), 5, NULL_ARR),
Error::<Test>::TssAccountAlreadyExists
);
Comment on lines +171 to +188
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here

});
}

#[test]
fn it_will_not_allow_existing_tss_account_when_changing_threshold_account() {
new_test_ext().execute_with(|| {
assert_ok!(FrameStaking::bond(
RuntimeOrigin::signed(1),
100u64,
pallet_staking::RewardDestination::Account(1),
));
assert_ok!(Staking::validate(
RuntimeOrigin::signed(1),
pallet_staking::ValidatorPrefs::default(),
vec![20],
3,
NULL_ARR
));

// Check that we cannot change to a TSS account which already exists
assert_ok!(FrameStaking::bond(
RuntimeOrigin::signed(2),
100u64,
pallet_staking::RewardDestination::Account(2),
));
assert_ok!(Staking::validate(
RuntimeOrigin::signed(2),
pallet_staking::ValidatorPrefs::default(),
vec![20],
5,
NULL_ARR
));

assert_noop!(
Staking::change_threshold_accounts(RuntimeOrigin::signed(1), 5, NULL_ARR),
Error::<Test>::TssAccountAlreadyExists
);
});
}

Expand Down