Skip to content
This repository has been archived by the owner on Aug 2, 2022. It is now read-only.

Commit

Permalink
Add missing require_authorization
Browse files Browse the repository at this point in the history 
eos::setcode was not requiring authorization from the account whose code
was being set. This is definitely incorrect. Alice should not be able to
set Bob's code without Bob's authorization. :P
  • Loading branch information
@nathanielhourt
nathanielhourt committed Aug 15, 2017
1 parent 8425270 commit 5a60917
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions libraries/native_contract/eos_contract.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -195,6 +195,8 @@ void apply_eos_setcode(apply_context& context) {
auto& db = context.mutable_db;
auto msg = context.msg.as<types::setcode>();

context.require_authorization(msg.account);

FC_ASSERT( msg.vmtype == 0 );
FC_ASSERT( msg.vmversion == 0 );

Expand Down

0 comments on commit 5a60917

Please sign in to comment.