allow bridge ACLs to be updated without checking if sender has permis…

…sion to send other txs (#1625)
0xPolygon · Jun 16, 2023 · a736a9c · a736a9c
1 parent df3e91b
commit a736a9c
Showing 1 changed file with 37 additions and 26 deletions.
diff --git a/state/executor.go b/state/executor.go
@@ -683,22 +683,12 @@ func (t *Transition) Call2(
 }
 
 func (t *Transition) run(contract *runtime.Contract, host runtime.Host) *runtime.ExecutionResult {
-	// check contract deployment allow list (if any)
-	if t.deploymentAllowList != nil && t.deploymentAllowList.Addr() == contract.CodeAddress {
-		return t.deploymentAllowList.Run(contract, host, &t.config)
-	}
-
-	// check contract deployment block list (if any)
-	if t.deploymentBlockList != nil && t.deploymentBlockList.Addr() == contract.CodeAddress {
-		return t.deploymentBlockList.Run(contract, host, &t.config)
+	if result := t.handleAllowBlockListsUpdate(contract, host); result != nil {
+		return result
 	}
 
 	// check txns access lists, allow list takes precedence over block list
 	if t.txnAllowList != nil {
-		if t.txnAllowList.Addr() == contract.CodeAddress {
-			return t.txnAllowList.Run(contract, host, &t.config)
-		}
-
 		if contract.Caller != contracts.SystemCaller {
 			role := t.txnAllowList.GetRole(contract.Caller)
 			if !role.Enabled() {
@@ -709,10 +699,6 @@ func (t *Transition) run(contract *runtime.Contract, host runtime.Host) *runtime
 			}
 		}
 	} else if t.txnBlockList != nil {
-		if t.txnBlockList.Addr() == contract.CodeAddress {
-			return t.txnBlockList.Run(contract, host, &t.config)
-		}
-
 		if contract.Caller != contracts.SystemCaller {
 			role := t.txnBlockList.GetRole(contract.Caller)
 			if role == addresslist.EnabledRole {
@@ -724,16 +710,6 @@ func (t *Transition) run(contract *runtime.Contract, host runtime.Host) *runtime
 		}
 	}
 
-	// check bridge allow list (if any)
-	if t.bridgeAllowList != nil && t.bridgeAllowList.Addr() == contract.CodeAddress {
-		return t.bridgeAllowList.Run(contract, host, &t.config)
-	}
-
-	// check contract deployment block list (if any)
-	if t.bridgeBlockList != nil && t.bridgeBlockList.Addr() == contract.CodeAddress {
-		return t.bridgeBlockList.Run(contract, host, &t.config)
-	}
-
 	// check the precompiles
 	if t.precompiles.CanRun(contract, host, &t.config) {
 		return t.precompiles.Run(contract, host, &t.config)
@@ -940,6 +916,41 @@ func (t *Transition) applyCreate(c *runtime.Contract, host runtime.Host) *runtim
 	return result
 }
 
+func (t *Transition) handleAllowBlockListsUpdate(contract *runtime.Contract,
+	host runtime.Host) *runtime.ExecutionResult {
+	// check contract deployment allow list (if any)
+	if t.deploymentAllowList != nil && t.deploymentAllowList.Addr() == contract.CodeAddress {
+		return t.deploymentAllowList.Run(contract, host, &t.config)
+	}
+
+	// check contract deployment block list (if any)
+	if t.deploymentBlockList != nil && t.deploymentBlockList.Addr() == contract.CodeAddress {
+		return t.deploymentBlockList.Run(contract, host, &t.config)
+	}
+
+	// check bridge allow list (if any)
+	if t.bridgeAllowList != nil && t.bridgeAllowList.Addr() == contract.CodeAddress {
+		return t.bridgeAllowList.Run(contract, host, &t.config)
+	}
+
+	// check bridge block list (if any)
+	if t.bridgeBlockList != nil && t.bridgeBlockList.Addr() == contract.CodeAddress {
+		return t.bridgeBlockList.Run(contract, host, &t.config)
+	}
+
+	// check transaction allow list (if any)
+	if t.txnAllowList != nil && t.txnAllowList.Addr() == contract.CodeAddress {
+		return t.txnAllowList.Run(contract, host, &t.config)
+	}
+
+	// check transaction block list (if any)
+	if t.txnBlockList != nil && t.txnBlockList.Addr() == contract.CodeAddress {
+		return t.txnBlockList.Run(contract, host, &t.config)
+	}
+
+	return nil
+}
+
 func (t *Transition) SetState(addr types.Address, key types.Hash, value types.Hash) {
 	t.state.SetState(addr, key, value)
 }