From a85a53d5b38f0a21d66262a823a8b07f4f836b68 Mon Sep 17 00:00:00 2001
From: piux2 <90544084+piux2@users.noreply.github.com>
Date: Wed, 11 Dec 2024 15:19:04 -0800
Subject: [PATCH] fix: prevent false positive return for guarding dao member
store (#3121)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If we want to guard the MemStore by checking the active DAO realm,
m.daoPkgPath must first be assigned a realm package path; otherwise, the
isCallerDAORealm() method may return a false positive, failing to
protect the MemStore.
Contributors' checklist...
- [ ] Added new tests, or not needed, or not feasible
- [ ] Provided an example (e.g. screenshot) to aid review or the PR is
self-explanatory
- [ ] Updated the official documentation or not needed
- [ ] No breaking changes were made, or a `BREAKING CHANGE: xxx` message
was included in the description
- [ ] Added references to related issues and PRs
- [ ] Provided any useful hints for running manual tests
---------
Co-authored-by: Miloš Živković
---
examples/gno.land/p/demo/membstore/membstore.gno | 2 +-
examples/gno.land/r/gov/dao/v2/dao.gno | 4 +++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/examples/gno.land/p/demo/membstore/membstore.gno b/examples/gno.land/p/demo/membstore/membstore.gno
index 6e1932978d9..ca721d078e6 100644
--- a/examples/gno.land/p/demo/membstore/membstore.gno
+++ b/examples/gno.land/p/demo/membstore/membstore.gno
@@ -205,5 +205,5 @@ func (m *MembStore) TotalPower() uint64 {
// the API of the member store is public and callable
// by anyone who has a reference to the member store instance.
func (m *MembStore) isCallerDAORealm() bool {
- return m.daoPkgPath == "" || std.CurrentRealm().PkgPath() == m.daoPkgPath
+ return m.daoPkgPath != "" && std.CurrentRealm().PkgPath() == m.daoPkgPath
}
diff --git a/examples/gno.land/r/gov/dao/v2/dao.gno b/examples/gno.land/r/gov/dao/v2/dao.gno
index 9263d8d440b..5ee8e63236a 100644
--- a/examples/gno.land/r/gov/dao/v2/dao.gno
+++ b/examples/gno.land/r/gov/dao/v2/dao.gno
@@ -13,6 +13,8 @@ var (
members membstore.MemberStore // the member store
)
+const daoPkgPath = "gno.land/r/gov/dao/v2"
+
func init() {
// Example initial member set (just test addresses)
set := []membstore.Member{
@@ -23,7 +25,7 @@ func init() {
}
// Set the member store
- members = membstore.NewMembStore(membstore.WithInitialMembers(set))
+ members = membstore.NewMembStore(membstore.WithInitialMembers(set), membstore.WithDAOPkgPath(daoPkgPath))
// Set the DAO implementation
d = simpledao.New(members)