From 85402cdd21cf9d36e0fc9f63493c8b58aaca81e8 Mon Sep 17 00:00:00 2001 From: Julian Compagni Portis Date: Thu, 9 Jan 2025 14:37:40 -0700 Subject: [PATCH 1/2] Add whitelist_lps permissions --- .../dao/neutron-chain-manager/src/contract.rs | 7 +++ .../src/dex_module_types.rs | 1 + .../dao/neutron-chain-manager/src/msg.rs | 2 + .../src/testing/mock_querier.rs | 1 + .../src/testing/tests.rs | 62 +++++++++++++++++-- 5 files changed, 68 insertions(+), 5 deletions(-) diff --git a/contracts/dao/neutron-chain-manager/src/contract.rs b/contracts/dao/neutron-chain-manager/src/contract.rs index 496f6117..18042c19 100644 --- a/contracts/dao/neutron-chain-manager/src/contract.rs +++ b/contracts/dao/neutron-chain-manager/src/contract.rs @@ -410,6 +410,13 @@ fn check_dex_update_msg_params( return Err(ContractError::Unauthorized {}); } + if dex_params.params.whitelisted_lps + != msg_update_params.params.whitelisted_lps + && !dex_update_param_permission.whitelisted_lps + { + return Err(ContractError::Unauthorized {}); + } + Ok(()) } diff --git a/contracts/dao/neutron-chain-manager/src/dex_module_types.rs b/contracts/dao/neutron-chain-manager/src/dex_module_types.rs index 322f0ba8..5a0cf673 100644 --- a/contracts/dao/neutron-chain-manager/src/dex_module_types.rs +++ b/contracts/dao/neutron-chain-manager/src/dex_module_types.rs @@ -24,6 +24,7 @@ pub struct ParamsDex { pub max_jits_per_block: u64, #[serde(deserialize_with = "deserialize_u64")] pub good_til_purge_allowance: u64, + pub whitelisted_lps: Vec, } /// The types below are used for querying dex module parameters via stargate. diff --git a/contracts/dao/neutron-chain-manager/src/msg.rs b/contracts/dao/neutron-chain-manager/src/msg.rs index 9308fa55..639e5f70 100644 --- a/contracts/dao/neutron-chain-manager/src/msg.rs +++ b/contracts/dao/neutron-chain-manager/src/msg.rs @@ -160,6 +160,7 @@ impl Strategy { paused: true, max_jits_per_block: true, good_til_purge_allowance: true, + whitelisted_lps: true, }), Strategy::AllowOnly(permissions) => { match permissions.get(&PermissionType::UpdateDexParamsPermission) { @@ -289,6 +290,7 @@ pub struct DexUpdateParamsPermission { pub paused: bool, pub max_jits_per_block: bool, pub good_til_purge_allowance: bool, + pub whitelisted_lps: bool, } #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, Eq, JsonSchema)] diff --git a/contracts/dao/neutron-chain-manager/src/testing/mock_querier.rs b/contracts/dao/neutron-chain-manager/src/testing/mock_querier.rs index 1f3baaa7..106e1a35 100644 --- a/contracts/dao/neutron-chain-manager/src/testing/mock_querier.rs +++ b/contracts/dao/neutron-chain-manager/src/testing/mock_querier.rs @@ -71,6 +71,7 @@ impl WasmMockQuerier { paused: false, max_jits_per_block: 20, good_til_purge_allowance: 25000, + whitelisted_lps: vec![], }, }); SystemResult::Ok(ContractResult::from(resp)) diff --git a/contracts/dao/neutron-chain-manager/src/testing/tests.rs b/contracts/dao/neutron-chain-manager/src/testing/tests.rs index f79c65e3..1e4f6090 100644 --- a/contracts/dao/neutron-chain-manager/src/testing/tests.rs +++ b/contracts/dao/neutron-chain-manager/src/testing/tests.rs @@ -702,7 +702,7 @@ pub fn test_execute_execute_message_update_params_dex_authorized() { admin_proposal: AdminProposal::ProposalExecuteMessage(ProposalExecuteMessage { message: r#"{"@type":"/neutron.dex.MsgUpdateParams", "authority":"neutron1hxskfdxpp5hqgtjj6am6nkjefhfzj359x0ar3z", - "params": {"fee_tiers":["1","2"],"paused":true,"max_jits_per_block":"25","good_til_purge_allowance":"540000"}}"# + "params": {"fee_tiers":["1","2"],"paused":true,"max_jits_per_block":"25","good_til_purge_allowance":"540000", "whitelisted_lps": ["neutron10h9stc5v6ntgeygf5xf945njqq5h32r54rf7kf"]}}"# .to_string(), }), }); @@ -731,6 +731,7 @@ pub fn test_execute_execute_message_update_params_dex_authorized() { paused: true, max_jits_per_block: true, good_til_purge_allowance: true, + whitelisted_lps: true, })]), ) .unwrap(); @@ -747,7 +748,7 @@ pub fn test_execute_execute_message_update_params_dex_unauthorized_fee_tiers() { admin_proposal: AdminProposal::ProposalExecuteMessage(ProposalExecuteMessage { message: r#"{"@type":"/neutron.dex.MsgUpdateParams", "authority":"neutron1hxskfdxpp5hqgtjj6am6nkjefhfzj359x0ar3z", - "params": {"fee_tiers":["1","2"],"paused":true,"max_jits_per_block":"25","good_til_purge_allowance":"540000"}}"# + "params": {"fee_tiers":["1","2"],"paused":true,"max_jits_per_block":"25","good_til_purge_allowance":"540000", "whitelisted_lps": ["neutron10h9stc5v6ntgeygf5xf945njqq5h32r54rf7kf"]}}"# .to_string(), }), }); @@ -776,6 +777,7 @@ pub fn test_execute_execute_message_update_params_dex_unauthorized_fee_tiers() { paused: true, max_jits_per_block: true, good_til_purge_allowance: true, + whitelisted_lps: true })]), ) .unwrap(); @@ -794,7 +796,7 @@ pub fn test_execute_execute_message_update_params_dex_unauthorized_paused() { admin_proposal: AdminProposal::ProposalExecuteMessage(ProposalExecuteMessage { message: r#"{"@type":"/neutron.dex.MsgUpdateParams", "authority":"neutron1hxskfdxpp5hqgtjj6am6nkjefhfzj359x0ar3z", - "params": {"fee_tiers":["1","2"],"paused":true,"max_jits_per_block":"25","good_til_purge_allowance":"540000"}}"# + "params": {"fee_tiers":["1","2"],"paused":true,"max_jits_per_block":"25","good_til_purge_allowance":"540000", "whitelisted_lps": ["neutron10h9stc5v6ntgeygf5xf945njqq5h32r54rf7kf"]}}"# .to_string(), }), }); @@ -823,6 +825,7 @@ pub fn test_execute_execute_message_update_params_dex_unauthorized_paused() { paused: false, max_jits_per_block: true, good_til_purge_allowance: true, + whitelisted_lps: true, })]), ) .unwrap(); @@ -840,7 +843,7 @@ pub fn test_execute_execute_message_update_params_dex_unauthorized_max_jits_per_ admin_proposal: AdminProposal::ProposalExecuteMessage(ProposalExecuteMessage { message: r#"{"@type":"/neutron.dex.MsgUpdateParams", "authority":"neutron1hxskfdxpp5hqgtjj6am6nkjefhfzj359x0ar3z", - "params": {"fee_tiers":["1","2"],"paused":true,"max_jits_per_block":"25","good_til_purge_allowance":"540000"}}"# + "params": {"fee_tiers":["1","2"],"paused":true,"max_jits_per_block":"25","good_til_purge_allowance":"540000", "whitelisted_lps": ["neutron10h9stc5v6ntgeygf5xf945njqq5h32r54rf7kf"]}}"# .to_string(), }), }); @@ -869,6 +872,7 @@ pub fn test_execute_execute_message_update_params_dex_unauthorized_max_jits_per_ paused: true, max_jits_per_block: false, good_til_purge_allowance: true, + whitelisted_lps: true, })]), ) .unwrap(); @@ -885,7 +889,7 @@ pub fn test_execute_execute_message_update_params_dex_unauthorized_good_til_purg admin_proposal: AdminProposal::ProposalExecuteMessage(ProposalExecuteMessage { message: r#"{"@type":"/neutron.dex.MsgUpdateParams", "authority":"neutron1hxskfdxpp5hqgtjj6am6nkjefhfzj359x0ar3z", - "params": {"fee_tiers":["1","2"],"paused":true,"max_jits_per_block":"25","good_til_purge_allowance":"540000"}}"# + "params": {"fee_tiers":["1","2"],"paused":true,"max_jits_per_block":"25","good_til_purge_allowance":"540000", "whitelisted_lps": ["neutron10h9stc5v6ntgeygf5xf945njqq5h32r54rf7kf"]}}"# .to_string(), }), }); @@ -914,6 +918,54 @@ pub fn test_execute_execute_message_update_params_dex_unauthorized_good_til_purg paused: true, max_jits_per_block: true, good_til_purge_allowance: false, + whitelisted_lps: true, + })]), + ) + .unwrap(); + + let info = message_info(&Addr::unchecked("addr1"), &[]); + let err = execute_execute_messages(deps.as_mut(), info.clone(), vec![msg]).unwrap_err(); + assert_eq!(err, Unauthorized {}); +} + +/// Checks that you can't change `whitelisted_lps` if you don't have the permission to do so +/// (new style parameter changes). +#[test] +pub fn test_execute_execute_message_update_params_dex_unauthorized_whitelisted_lps() { + let msg = CosmosMsg::Custom(NeutronMsg::SubmitAdminProposal { + admin_proposal: AdminProposal::ProposalExecuteMessage(ProposalExecuteMessage { + message: r#"{"@type":"/neutron.dex.MsgUpdateParams", + "authority":"neutron1hxskfdxpp5hqgtjj6am6nkjefhfzj359x0ar3z", + "params": {"fee_tiers":["1","2"],"paused":true,"max_jits_per_block":"25","good_til_purge_allowance":"540000", "whitelisted_lps": ["neutron10h9stc5v6ntgeygf5xf945njqq5h32r54rf7kf"]}}"# + .to_string(), + }), + }); + + let mut deps = mock_dependencies(); + let env = mock_env(); + let info = message_info(&Addr::unchecked("neutron_dao_address"), &[]); + + instantiate( + deps.as_mut(), + env.clone(), + info.clone(), + InstantiateMsg { + initial_strategy_address: Addr::unchecked("neutron_dao_address".to_string()), + }, + ) + .unwrap(); + + let info = message_info(&Addr::unchecked("neutron_dao_address"), &[]); + execute_add_strategy( + deps.as_mut(), + info.clone(), + Addr::unchecked("addr1".to_string()), + StrategyMsg::AllowOnly(vec![UpdateDexParamsPermission(DexUpdateParamsPermission { + fee_tiers: true, + paused: true, + max_jits_per_block: true, + good_til_purge_allowance: true, + whitelisted_lps: false, })]), ) .unwrap(); From c4160b2658813366c910ddb8be776f5aaf93ede9 Mon Sep 17 00:00:00 2001 From: Julian Compagni Portis Date: Thu, 9 Jan 2025 14:39:50 -0700 Subject: [PATCH 2/2] fmt --- contracts/dao/neutron-chain-manager/src/contract.rs | 3 +-- contracts/dao/neutron-chain-manager/src/testing/tests.rs | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/contracts/dao/neutron-chain-manager/src/contract.rs b/contracts/dao/neutron-chain-manager/src/contract.rs index 18042c19..e8cae253 100644 --- a/contracts/dao/neutron-chain-manager/src/contract.rs +++ b/contracts/dao/neutron-chain-manager/src/contract.rs @@ -410,8 +410,7 @@ fn check_dex_update_msg_params( return Err(ContractError::Unauthorized {}); } - if dex_params.params.whitelisted_lps - != msg_update_params.params.whitelisted_lps + if dex_params.params.whitelisted_lps != msg_update_params.params.whitelisted_lps && !dex_update_param_permission.whitelisted_lps { return Err(ContractError::Unauthorized {}); diff --git a/contracts/dao/neutron-chain-manager/src/testing/tests.rs b/contracts/dao/neutron-chain-manager/src/testing/tests.rs index 1e4f6090..542bfaab 100644 --- a/contracts/dao/neutron-chain-manager/src/testing/tests.rs +++ b/contracts/dao/neutron-chain-manager/src/testing/tests.rs @@ -777,7 +777,7 @@ pub fn test_execute_execute_message_update_params_dex_unauthorized_fee_tiers() { paused: true, max_jits_per_block: true, good_til_purge_allowance: true, - whitelisted_lps: true + whitelisted_lps: true, })]), ) .unwrap();