Skip to content

Commit

Permalink
Adds fallback allowlist lookup of authenticated address
Browse files Browse the repository at this point in the history
This mitigates a recent incident where allowlist contained a
non-checksummed address for LayerN, but LayerN requests contained a checksummed
address resulting in failed rateConfig lookup.
  • Loading branch information
pschork committed Oct 25, 2024
1 parent db3da32 commit ab4db13
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions disperser/apiserver/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -326,6 +326,15 @@ func (s *DispersalServer) getAccountRate(origin, authenticatedAddress string, qu
// Check if the address is in the allowlist
if len(authenticatedAddress) > 0 {
quorumRates, ok := s.rateConfig.Allowlist[authenticatedAddress]
if !ok {
// check fallback address (non-checksummed)
fallbackAuthenticatedAddress := strings.ToLower(authenticatedAddress)
quorumRates, ok = s.rateConfig.Allowlist[fallbackAuthenticatedAddress]
if ok {
s.logger.Warn("authenticated address found via fallback lookup", "authenticatedAddress", authenticatedAddress, "fallback", fallbackAuthenticatedAddress)
authenticatedAddress = fallbackAuthenticatedAddress
}
}
if ok {
rateInfo, ok := quorumRates[quorumID]
if ok {
Expand All @@ -339,7 +348,10 @@ func (s *DispersalServer) getAccountRate(origin, authenticatedAddress string, qu
rates.Name = rateInfo.Name
return rates, key, nil
}
} else {
s.logger.Warn("authenticated address not found in allowlist", "authenticateAddress", authenticatedAddress)
}

}

// Check if the origin is in the allowlist
Expand Down

0 comments on commit ab4db13

Please sign in to comment.