From 122484950341f0c765e509f76d566c41b4a8e9d8 Mon Sep 17 00:00:00 2001
From: Nathan Seva <thykof@protonmail.ch>
Date: Mon, 15 Jul 2024 18:40:12 -0300
Subject: [PATCH] assert spender is caller

---
 smart-contract/assembly/contracts/main.ts | 2 ++
 smart-contract/assembly/internal.ts       | 5 +----
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/smart-contract/assembly/contracts/main.ts b/smart-contract/assembly/contracts/main.ts
index 2490bce..0c7646e 100644
--- a/smart-contract/assembly/contracts/main.ts
+++ b/smart-contract/assembly/contracts/main.ts
@@ -46,9 +46,11 @@ export function startScheduleSendFT(binaryArgs: StaticArray<u8>): void {
   const schedule = args
     .nextSerializable<Schedule>()
     .expect('Schedule is missing or invalid');
+  assert(Context.caller() === new Address(schedule.spender), 'Unauthorized');
   checkAllowance(
     schedule.tokenAddress,
     schedule.spender,
+    // @ts-ignore
     schedule.amount * u256.fromU64(schedule.occurrences), // TODO: use SafeMathU256
   );
   scheduleAllSendFT(schedule);
diff --git a/smart-contract/assembly/internal.ts b/smart-contract/assembly/internal.ts
index c87069f..c66779c 100644
--- a/smart-contract/assembly/internal.ts
+++ b/smart-contract/assembly/internal.ts
@@ -78,16 +78,13 @@ const schedulesPrefix = 'SCHEDULE';
 export const idCounterKey = stringToBytes('C');
 
 function getIdCounter(): u64 {
-  if (!Storage.has(idCounterKey)) {
-    return 0;
-  }
   return bytesToU64(Storage.get(idCounterKey));
 }
 
 function incrementIdCounter(): u64 {
   const counter = getIdCounter();
   const inc = counter + 1;
-  Storage.set(idCounterKey, u64ToBytes(counter + 1));
+  Storage.set(idCounterKey, u64ToBytes(inc));
   return inc;
 }