Adds fallback allowlist lookup of authenticated address

This mitigates a recent incident where allowlist contained a non-checksummed address for LayerN, but LayerN requests contained a checksummed address resulting in failed rateConfig lookup.
Layr-Labs · Oct 25, 2024 · 4b53e54 · 4b53e54
1 parent db3da32
commit 4b53e54
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/disperser/apiserver/server.go b/disperser/apiserver/server.go
@@ -326,6 +326,15 @@ func (s *DispersalServer) getAccountRate(origin, authenticatedAddress string, qu
 	// Check if the address is in the allowlist
 	if len(authenticatedAddress) > 0 {
 		quorumRates, ok := s.rateConfig.Allowlist[authenticatedAddress]
+		if !ok {
+			// check fallback address (non-checksummed)
+			fallbackAuthenticatedAddress := strings.ToLower(authenticatedAddress)
+			quorumRates, ok = s.rateConfig.Allowlist[fallbackAuthenticatedAddress]
+			if ok {
+				s.logger.Warn("authenticated address found via fallback lookup", "authenticatedAddress", authenticatedAddress, "fallback", fallbackAuthenticatedAddress)
+				authenticatedAddress = fallbackAuthenticatedAddress
+			}
+		}
 		if ok {
 			rateInfo, ok := quorumRates[quorumID]
 			if ok {
@@ -339,7 +348,10 @@ func (s *DispersalServer) getAccountRate(origin, authenticatedAddress string, qu
 				rates.Name = rateInfo.Name
 				return rates, key, nil
 			}
+		} else {
+			s.logger.Warn("authenticated address not found in allowlist", "authenticatedAddress", authenticatedAddress)
 		}
+
 	}
 
 	// Check if the origin is in the allowlist