diff --git a/x/kyc/keeper/msg_server.go b/x/kyc/keeper/msg_server.go
index bd2fca987..b0a002315 100755
--- a/x/kyc/keeper/msg_server.go
+++ b/x/kyc/keeper/msg_server.go
@@ -62,6 +62,14 @@ func (m msgServer) Approve(goCtx context.Context, msg *types.MsgApprove) (*types
 // check holder address and pubkey
 address := sdk.MustAccAddressFromBech32(msg.Address)
+ pubkeyAddress, err := m.MustAccAddressFromPubkeyString(msg.Pubkey)
+ if err != nil {
+ return &types.MsgApproveResponse{}, sdkerrors.Wrap(types.ErrInvalidPubkey, err.Error())
+ }
+ if !pubkeyAddress.Equals(address) {
+ return &types.MsgApproveResponse{}, sdkerrors.Wrap(types.ErrInvalidPubkey, "pubkey does not match address")
+ }
+
 did, found := m.GetDID(ctx, address)
 if found && did != msg.Did {
 // notice: holder must have not DID
diff --git a/x/kyc/keeper/msg_server_test.go b/x/kyc/keeper/msg_server_test.go
index 7deaf6a8b..4b78ded00 100755
--- a/x/kyc/keeper/msg_server_test.go
+++ b/x/kyc/keeper/msg_server_test.go
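Review bot: The new binding check in `Approve` passes the message-supplied `msg.Pubkey` to `m.MustAccAddressFromPubkeyString`, whose `Must` prefix conventionally signals a panic on bad input (as `sdk.MustAccAddressFromBech32` on the context line above does), while this call site expects an `error`. The helper's body is not part of this diff, so confirm it returns an error rather than panicking for every malformed or unsupported-key-type string, and consider dropping `Must` from its name so the contract is readable at the call site. On both new error returns, the usual Go form is a nil result next to the non-nil error, e.g. `return nil, sdkerrors.Wrap(types.ErrInvalidPubkey, "pubkey does not match address")`, unless the rest of the file deliberately returns the empty response. `Approve` starts and ends outside the hunk.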
@@ -60,6 +60,33 @@ func (s *KeeperTestSuite) TestApprove() {
 s.Require().Equal(msg.Hash, kyc.Hash)
 }
+func (s *KeeperTestSuite) TestApproveRejectsPubkeyAddressMismatch() {
+ s.Ctx = s.App.BaseApp.NewContext(false, tmproto.Header{}).WithBlockHeight(wmintTypes.OneDayTotalBlocks).WithChainID(apptesting.TestChainID)
+ wmint.BeginBlocker(s.Ctx, s.App.MintKeeper, nil)
+ wdistri.EndBlock(s.Ctx, abci.RequestEndBlock{Height: s.Ctx.BlockHeight()}, *s.App.DistrKeeper)
+
+ did := "1111111111111111"
+ kycAccount, _ := s.NewAccount()
+ _, attackerPubkey := s.NewAccount()
+
+ _, err := s.msgServer.Approve(s.Ctx, &types.MsgApprove{
+ Issuer: s.Dao.GlobalDao,
+ Did: did,
+ RegionId: strings.ToLower(wstakingtypes.MeEarthRegionName),
+ Address: kycAccount.String(),
+ Pubkey: attackerPubkey,
+ Uri: "http://127.0.0.1/8001",
+ Hash: "aaaa",
+ Level: 2,
+ })
+ s.Require().ErrorIs(err, types.ErrInvalidPubkey)
+
+ _, found := s.Keeper().GetDID(s.Ctx, kycAccount)
+ s.Require().False(found)
+ _, found = s.Keeper().GetDidInfo(s.Ctx, did)
+ s.Require().False(found)
+}
+
 func (s *KeeperTestSuite) TestRemove() {
 s.SetupTest()
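Review bot: Only the mismatch branch of the new check is exercised here; the `err != nil` branch for a malformed `Pubkey` string has no test, and that is the path where a panic inside the pubkey helper would go unnoticed. A second case that passes a syntactically invalid value (constructed, e.g. `Pubkey: "not-a-pubkey"`) and asserts `s.Require().ErrorIs(err, types.ErrInvalidPubkey)` plus the same two `False(found)` checks would cover it. A one-line comment above `_, attackerPubkey := s.NewAccount()` stating that the key belongs to a different account than `kycAccount` would make the test's intent explicit.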