pezkuwichain/pezkuwi-subxt
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pezkuwi-subxt.git synced 2026-04-26 09:57:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add MaxTipAmount for pallet-tips (#1709)

Browse Source 
Last week we experienced a governance attack.
Surprisingly, there was no upper limit on the tip amount.

Due to the mechanism of pallet-fragment-election, the council members
will be refreshed immediately. Attacker is easy to control the council
and give a large tip amount.
This commit is contained in:
Xavier Lau
2023-09-28 06:08:05 -05:00
committed by GitHub
parent b50d8e6f7f
commit de71fecc4e
4 changed files with 34 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
substrate/frame/tips/src/lib.rs
+13 -1
View File
@@ -154,6 +154,10 @@ pub mod pallet {
#[pallet::constant]
type TipReportDepositBase: Get<BalanceOf<Self, I>>;
/// The maximum amount for a single tip.
#[pallet::constant]
type MaxTipAmount: Get<BalanceOf<Self, I>>;
/// Origin from which tippers must come.
///
/// `ContainsLengthBound::max_len` must be cost free (i.e. no storage read or heavy
@@ -208,6 +212,8 @@ pub mod pallet {
AlreadyKnown,
/// The tip hash is unknown.
UnknownTip,
/// The tip given was too generous.
MaxTipAmountExceeded,
/// The account attempting to retract the tip is not the finder of the tip.
NotFinder,
/// The tip cannot be claimed/closed because there are not enough tippers yet.
@@ -336,10 +342,13 @@ pub mod pallet {
let tipper = ensure_signed(origin)?;
let who = T::Lookup::lookup(who)?;
ensure!(T::Tippers::contains(&tipper), BadOrigin);
ensure!(T::MaxTipAmount::get() >= tip_value, Error::<T, I>::MaxTipAmountExceeded);
let reason_hash = T::Hashing::hash(&reason[..]);
ensure!(!Reasons::<T, I>::contains_key(&reason_hash), Error::<T, I>::AlreadyKnown);
let hash = T::Hashing::hash_of(&(&reason_hash, &who));
let hash = T::Hashing::hash_of(&(&reason_hash, &who));
Reasons::<T, I>::insert(&reason_hash, &reason);
Self::deposit_event(Event::NewTip { tip_hash: hash });
let tips = vec![(tipper.clone(), tip_value)];
@@ -387,7 +396,10 @@ pub mod pallet {
let tipper = ensure_signed(origin)?;
ensure!(T::Tippers::contains(&tipper), BadOrigin);
ensure!(T::MaxTipAmount::get() >= tip_value, Error::<T, I>::MaxTipAmountExceeded);
let mut tip = Tips::<T, I>::get(hash).ok_or(Error::<T, I>::UnknownTip)?;
if Self::insert_tip_and_check_closing(&mut tip, tipper, tip_value) {
Self::deposit_event(Event::TipClosing { tip_hash: hash });
}