From a85a53d5b38f0a21d66262a823a8b07f4f836b68 Mon Sep 17 00:00:00 2001 From: piux2 <90544084+piux2@users.noreply.github.com> Date: Wed, 11 Dec 2024 15:19:04 -0800 Subject: [PATCH] fix: prevent false positive return for guarding dao member store (#3121) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If we want to guard the MemStore by checking the active DAO realm, m.daoPkgPath must first be assigned a realm package path; otherwise, the isCallerDAORealm() method may return a false positive, failing to protect the MemStore.
Contributors' checklist... - [ ] Added new tests, or not needed, or not feasible - [ ] Provided an example (e.g. screenshot) to aid review or the PR is self-explanatory - [ ] Updated the official documentation or not needed - [ ] No breaking changes were made, or a `BREAKING CHANGE: xxx` message was included in the description - [ ] Added references to related issues and PRs - [ ] Provided any useful hints for running manual tests
--------- Co-authored-by: Miloš Živković --- examples/gno.land/p/demo/membstore/membstore.gno | 2 +- examples/gno.land/r/gov/dao/v2/dao.gno | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/examples/gno.land/p/demo/membstore/membstore.gno b/examples/gno.land/p/demo/membstore/membstore.gno index 6e1932978d9..ca721d078e6 100644 --- a/examples/gno.land/p/demo/membstore/membstore.gno +++ b/examples/gno.land/p/demo/membstore/membstore.gno @@ -205,5 +205,5 @@ func (m *MembStore) TotalPower() uint64 { // the API of the member store is public and callable // by anyone who has a reference to the member store instance. func (m *MembStore) isCallerDAORealm() bool { - return m.daoPkgPath == "" || std.CurrentRealm().PkgPath() == m.daoPkgPath + return m.daoPkgPath != "" && std.CurrentRealm().PkgPath() == m.daoPkgPath } diff --git a/examples/gno.land/r/gov/dao/v2/dao.gno b/examples/gno.land/r/gov/dao/v2/dao.gno index 9263d8d440b..5ee8e63236a 100644 --- a/examples/gno.land/r/gov/dao/v2/dao.gno +++ b/examples/gno.land/r/gov/dao/v2/dao.gno @@ -13,6 +13,8 @@ var ( members membstore.MemberStore // the member store ) +const daoPkgPath = "gno.land/r/gov/dao/v2" + func init() { // Example initial member set (just test addresses) set := []membstore.Member{ @@ -23,7 +25,7 @@ func init() { } // Set the member store - members = membstore.NewMembStore(membstore.WithInitialMembers(set)) + members = membstore.NewMembStore(membstore.WithInitialMembers(set), membstore.WithDAOPkgPath(daoPkgPath)) // Set the DAO implementation d = simpledao.New(members)