vault: only allow account holder to withdraw for itself

Mark Spanbroek 2025-02-20 15:17:54 +01:00
parent 95a698c574
commit 6db1a5fb3a
2 changed files with 13 additions and 1 deletions


@ -224,6 +224,7 @@ contract Vault is VaultBase, Pausable, Ownable {
AccountId account
) public {
(address holder, ) = Accounts.decodeId(account);
require(msg.sender == holder, VaultOnlyAccountHolder());
_withdraw(controller, fund, account);
}
@ -234,4 +235,6 @@ contract Vault is VaultBase, Pausable, Ownable {
function unpause() public onlyOwner {
_unpause();
}
error VaultOnlyAccountHolder();
}
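Review bot: The new `require(msg.sender == holder, VaultOnlyAccountHolder());` is the only access control on this withdrawal path, yet nothing on the function or the error documents it. The function the tests call as `withdrawByRecipient` still carries "Recipient" in its name while the rule is now about the account holder. Its signature starts outside the hunk, so I would add a NatSpec line above it such as `/// @dev Reverts with VaultOnlyAccountHolder unless msg.sender is the holder encoded in account`, and `/// Thrown when the caller is not the holder encoded in the account id` above the error declaration. The `require(condition, CustomError())` form is only accepted by Solidity 0.8.26 and later, so the pragma and the compiler version pinned in the build config should be confirmed to match.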


@ -772,7 +772,7 @@ describe("Vault", function () {
expect(after - before).to.equal(amount)
})
it("allows recipient to withdraw for itself", async function () {
it("allows account holder to withdraw for itself", async function () {
await expire()
const before = await token.balanceOf(holder.address)
await vault
@ -782,6 +782,15 @@ describe("Vault", function () {
expect(after - before).to.equal(amount)
})
it("does not allow anyone else to withdraw for the account holder", async function () {
await expire()
await expect(
vault
.connect(holder2)
.withdrawByRecipient(controller.address, fund, account1)
).to.be.revertedWith("OnlyAccountHolder")
})
it("empties the balance when withdrawing", async function () {
await expire()
await vault.withdraw(fund, account1)
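Review bot: The negative test asserts `.to.be.revertedWith("OnlyAccountHolder")`, but the contract reverts with the custom error `VaultOnlyAccountHolder()`, not a reason string. With the stock Hardhat chai matchers `revertedWith` compares reason strings, so unless this project overrides the matcher the assertion should be `.to.be.revertedWithCustomError(vault, "VaultOnlyAccountHolder")`. If a project matcher does substring matching, the full error name should still be used so an unrelated revert cannot satisfy the test. The test covers only `holder2` as the caller. Since this is an authorization check, I would add a case where the controller account calls `withdrawByRecipient` for `account1`, and assert that the holder's token balance is unchanged after the rejected call.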