MarketTakers/arbiter
6
0
Fork 0
Code Issues 26 Pull Requests 1 Packages Projects Releases Wiki Activity

security(evm): remove client-controlled wallet_access_id from grant revocation
Some checks failed
ci/woodpecker/pr/server-audit Pipeline failed
Details
ci/woodpecker/pr/server-lint Pipeline was successful
Details
ci/woodpecker/pr/server-vet Pipeline failed
Details
ci/woodpecker/pr/server-test Pipeline was successful
Details

Browse Source
This commit is contained in:
CleverWild
2026-06-09 19:36:44 +02:00
parent 4bb2c062dc
commit 32f317384d
5 changed files with 4 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
protobufs/evm.proto
View File

@@ -90,7 +90,6 @@ message EvmGrantCreateResponse {
message EvmGrantDeleteRequest { message EvmGrantDeleteRequest {
int32 grant_id = 1; int32 grant_id = 1;
int32 wallet_access_id = 2;
} }
message EvmGrantDeleteResponse { message EvmGrantDeleteResponse {

3
server/crates/arbiter-server/src/actors/evm/mod.rs
View File

@@ -161,10 +161,9 @@ impl EvmActor {
pub async fn useragent_delete_grant( pub async fn useragent_delete_grant(
&mut self, &mut self,
grant_id: i32, grant_id: i32,
wallet_access_id: i32,
) -> Result<(), Error> { ) -> Result<(), Error> {
self.engine self.engine
.revoke_grant(grant_id, wallet_access_id) .revoke_grant(grant_id)
.await .await
.map_err(Error::from) .map_err(Error::from)
} }

5
server/crates/arbiter-server/src/actors/user_agent/session/connection.rs
View File

@@ -360,13 +360,12 @@ impl UserAgentSession {
pub(crate) async fn handle_grant_delete( pub(crate) async fn handle_grant_delete(
&mut self, &mut self,
grant_id: i32, grant_id: i32,
wallet_access_id: i32,
) -> Result<(), GrantMutationError> { ) -> Result<(), GrantMutationError> {
// match self // match self
// .props // .props
// .actors // .actors
// .evm // .evm
// .ask(UseragentDeleteGrant { grant_id, wallet_access_id }) // .ask(UseragentDeleteGrant { grant_id })
// .await // .await
// { // {
// Ok(()) => Ok(()), // Ok(()) => Ok(()),
@@ -375,7 +374,7 @@ impl UserAgentSession {
// Err(GrantMutationError::Internal) // Err(GrantMutationError::Internal)
// } // }
// } // }
let _ = (grant_id, wallet_access_id); let _ = grant_id;
todo!() todo!()
} }

5
server/crates/arbiter-server/src/evm/mod.rs
View File

@@ -279,7 +279,6 @@ impl Engine {
pub async fn revoke_grant( pub async fn revoke_grant(
&self, &self,
basic_grant_id: i32, basic_grant_id: i32,
wallet_access_id: i32,
) -> Result<(), DatabaseError> { ) -> Result<(), DatabaseError> {
let mut conn = self.db.get().await.map_err(DatabaseError::from)?; let mut conn = self.db.get().await.map_err(DatabaseError::from)?;
let keyholder = self.keyholder.clone(); let keyholder = self.keyholder.clone();
@@ -294,14 +293,12 @@ impl Engine {
update(evm_basic_grant::table) update(evm_basic_grant::table)
.filter(evm_basic_grant::id.eq(basic_grant_id)) .filter(evm_basic_grant::id.eq(basic_grant_id))
.filter(evm_basic_grant::wallet_access_id.eq(wallet_access_id))
.set(evm_basic_grant::revoked_at.eq(SqliteTimestamp(Utc::now()))) .set(evm_basic_grant::revoked_at.eq(SqliteTimestamp(Utc::now())))
.execute(conn) .execute(conn)
.await?; .await?;
let basic_grant: EvmBasicGrant = evm_basic_grant::table let basic_grant: EvmBasicGrant = evm_basic_grant::table
.filter(evm_basic_grant::id.eq(basic_grant_id)) .filter(evm_basic_grant::id.eq(basic_grant_id))
.filter(evm_basic_grant::wallet_access_id.eq(wallet_access_id))
.select(EvmBasicGrant::as_select()) .select(EvmBasicGrant::as_select())
.first(conn) .first(conn)
.await?; .await?;
@@ -805,7 +802,7 @@ mod tests {
.await .await
.unwrap(); .unwrap();
engine.revoke_grant(grant_id, WALLET_ACCESS_ID).await.unwrap(); engine.revoke_grant(grant_id).await.unwrap();
let mut conn = db.get().await.unwrap(); let mut conn = db.get().await.unwrap();
diesel::update(evm_basic_grant::table) diesel::update(evm_basic_grant::table)

1
server/crates/arbiter-server/src/grpc/user_agent/evm.rs
View File

@@ -170,7 +170,6 @@ async fn handle_grant_delete(
let result = match actor let result = match actor
.ask(HandleGrantDelete { .ask(HandleGrantDelete {
grant_id: req.grant_id, grant_id: req.grant_id,
wallet_access_id: req.wallet_access_id,
}) })
.await .await
{ {