Test fake admin vlaues passed to the enclave

TestEnclaveFailsAdminIsNotSender

x/compute/internal/keeper/secret_contracts_migrate_test.go

@@ -6548,7 +6548,7 @@ func TestOldAdminCanChangeAdminByPassingOldProof(t *testing.T) {
 		info = keeper.GetContractInfo(ctx, contractAddress)
 		require.Equal(t, info.Admin, walletB.String())
 
-		_, updateErr = fakeUpdateAdminHelper(t, keeper, ctx, contractAddress, walletA, privKeyA, walletA, defaultGasForTests, oldAdminProof)
+		_, updateErr = fakeUpdateAdminHelper(t, keeper, ctx, contractAddress, walletA, privKeyA, walletA, defaultGasForTests, walletA, oldAdminProof)
 		require.Nil(t, updateErr)
 
 		info = keeper.GetContractInfo(ctx, contractAddress)
@@ -6570,7 +6570,7 @@ func TestOldAdminCanChangeAdminByPassingOldProof(t *testing.T) {
 		info = keeper.GetContractInfo(ctx, contractAddress)
 		require.Equal(t, info.Admin, walletB.String())
 
-		_, updateErr = fakeUpdateAdminHelper(t, keeper, ctx, contractAddress, walletA, privKeyA, nil, defaultGasForTests, oldAdminProof)
+		_, updateErr = fakeUpdateAdminHelper(t, keeper, ctx, contractAddress, walletA, privKeyA, nil, defaultGasForTests, walletA, oldAdminProof)
 		require.Nil(t, updateErr)
 
 		info = keeper.GetContractInfo(ctx, contractAddress)
@@ -6592,7 +6592,7 @@ func TestOldAdminCanChangeAdminByPassingOldProof(t *testing.T) {
 		info = keeper.GetContractInfo(ctx, contractAddress)
 		require.Equal(t, info.Admin, "")
 
-		_, updateErr = fakeUpdateAdminHelper(t, keeper, ctx, contractAddress, walletA, privKeyA, walletA, defaultGasForTests, oldAdminProof)
+		_, updateErr = fakeUpdateAdminHelper(t, keeper, ctx, contractAddress, walletA, privKeyA, walletA, defaultGasForTests, walletA, oldAdminProof)
 		require.Nil(t, updateErr)
 
 		info = keeper.GetContractInfo(ctx, contractAddress)
@@ -6614,7 +6614,7 @@ func TestOldAdminCanChangeAdminByPassingOldProof(t *testing.T) {
 		info = keeper.GetContractInfo(ctx, contractAddress)
 		require.Equal(t, info.Admin, "")
 
-		_, updateErr = fakeUpdateAdminHelper(t, keeper, ctx, contractAddress, walletA, privKeyA, nil, defaultGasForTests, oldAdminProof)
+		_, updateErr = fakeUpdateAdminHelper(t, keeper, ctx, contractAddress, walletA, privKeyA, nil, defaultGasForTests, walletA, oldAdminProof)
 		require.Nil(t, updateErr)
 
 		info = keeper.GetContractInfo(ctx, contractAddress)
@@ -6641,7 +6641,7 @@ func TestOldAdminCanMigrateChangeAdminByPassingOldProof(t *testing.T) {
 		require.Equal(t, info.Admin, walletB.String())
 
 		newCodeId, _ := uploadCode(ctx, t, keeper, TestContractPaths[v1MigratedContract], walletA)
-		_, migErr := fakeMigrateHelper(t, keeper, ctx, newCodeId, contractAddress, walletA, privKeyA, `{"nop":{}}`, false, true, math.MaxUint64, oldAdminProof)
+		_, migErr := fakeMigrateHelper(t, keeper, ctx, newCodeId, contractAddress, walletA, privKeyA, `{"nop":{}}`, false, true, math.MaxUint64, walletA, oldAdminProof)
 		require.Empty(t, migErr)
 
 		// admin is still walletB
@@ -6671,7 +6671,7 @@ func TestOldAdminCanMigrateChangeAdminByPassingOldProof(t *testing.T) {
 		require.Equal(t, info.Admin, "")
 
 		newCodeId, _ := uploadCode(ctx, t, keeper, TestContractPaths[v1MigratedContract], walletA)
-		_, migErr := fakeMigrateHelper(t, keeper, ctx, newCodeId, contractAddress, walletA, privKeyA, `{"nop":{}}`, false, true, math.MaxUint64, oldAdminProof)
+		_, migErr := fakeMigrateHelper(t, keeper, ctx, newCodeId, contractAddress, walletA, privKeyA, `{"nop":{}}`, false, true, math.MaxUint64, walletA, oldAdminProof)
 		require.Empty(t, migErr)
 
 		// admin is still nil
@@ -6685,3 +6685,95 @@ func TestOldAdminCanMigrateChangeAdminByPassingOldProof(t *testing.T) {
 		require.Equal(t, history[1].CodeID, newCodeId)
 	})
 }
+
+func TestEnclaveFailsAdminIsNotSender(t *testing.T) {
+	ctx, keeper, codeID, _, walletA, privkeyA, walletB, privkeyB := setupTest(t, TestContractPaths[v1Contract], sdk.NewCoins())
+
+	t.Run("migrate fails msg verify params", func(t *testing.T) {
+		_, _, contractAddress, _, err := initHelper(t, keeper, ctx, codeID, walletA, walletB, privkeyA, `{"nop":{}}`, true, true, defaultGasForTests)
+		require.Empty(t, err)
+
+		// B is the admin
+		info := keeper.GetContractInfo(ctx, contractAddress)
+		require.Equal(t, info.Admin, walletB.String())
+
+		bAdminProof := info.AdminProof
+
+		// now A is the admin
+		_, updateErr := updateAdminHelper(t, keeper, ctx, contractAddress, walletB, privkeyB, walletA, defaultGasForTests)
+		require.Nil(t, updateErr)
+
+		info = keeper.GetContractInfo(ctx, contractAddress)
+		require.Equal(t, info.Admin, walletA.String())
+
+		// A is the admin but B is the sender
+		// B passes old B's proof which is valid and should pass the proof check
+		// however the sender==admin check later on should fail
+		newCodeId, _ := uploadCode(ctx, t, keeper, TestContractPaths[v1MigratedContract], walletA)
+		_, migErr := fakeMigrateHelper(t, keeper, ctx, newCodeId, contractAddress, walletB, privkeyB, `{"nop":{}}`, false, true, math.MaxUint64, walletA, bAdminProof)
+		require.Contains(t, migErr.Error(), "Enclave: failed to verify transaction signature: migrate contract failed")
+	})
+
+	t.Run("migrate fails admin proof check", func(t *testing.T) {
+		_, _, contractAddress, _, err := initHelper(t, keeper, ctx, codeID, walletA, walletA, privkeyA, `{"nop":{}}`, true, true, defaultGasForTests)
+		require.Empty(t, err)
+
+		info := keeper.GetContractInfo(ctx, contractAddress)
+		require.Equal(t, info.Admin, walletA.String())
+
+		// A is the admin but B is the sender
+		// B passes A's proof
+		newCodeId, _ := uploadCode(ctx, t, keeper, TestContractPaths[v1MigratedContract], walletA)
+		_, migErr := fakeMigrateHelper(t, keeper, ctx, newCodeId, contractAddress, walletB, privkeyB, `{"nop":{}}`, false, true, math.MaxUint64, walletA, info.AdminProof)
+		require.Contains(t, migErr.Error(), "Enclave: failed to validate transaction: migrate contract failed")
+	})
+
+	t.Run("change fails msg verify params", func(t *testing.T) {
+		_, _, contractAddress, _, err := initHelper(t, keeper, ctx, codeID, walletA, walletB, privkeyA, `{"nop":{}}`, true, true, defaultGasForTests)
+		require.Empty(t, err)
+
+		// B is the admin
+		info := keeper.GetContractInfo(ctx, contractAddress)
+		require.Equal(t, info.Admin, walletB.String())
+
+		bAdminProof := info.AdminProof
+
+		// now A is the admin
+		_, updateErr := updateAdminHelper(t, keeper, ctx, contractAddress, walletB, privkeyB, walletA, defaultGasForTests)
+		require.Nil(t, updateErr)
+
+		info = keeper.GetContractInfo(ctx, contractAddress)
+		require.Equal(t, info.Admin, walletA.String())
+
+		// A is the admin but B is the sender
+		// B passes old B's proof which is valid and should pass the proof check
+		// however the sender==admin check later on should fail
+		t.Run("update", func(t *testing.T) {
+			_, updateErr = fakeUpdateAdminHelper(t, keeper, ctx, contractAddress, walletB, privkeyB, walletB, math.MaxUint64, walletA, bAdminProof)
+			require.Contains(t, updateErr.Error(), "Enclave: failed to verify transaction signature")
+		})
+		t.Run("clear", func(t *testing.T) {
+			_, updateErr = fakeUpdateAdminHelper(t, keeper, ctx, contractAddress, walletB, privkeyB, nil, math.MaxUint64, walletA, bAdminProof)
+			require.Contains(t, updateErr.Error(), "Enclave: failed to verify transaction signature")
+		})
+	})
+
+	t.Run("change fails admin proof check", func(t *testing.T) {
+		_, _, contractAddress, _, err := initHelper(t, keeper, ctx, codeID, walletA, walletA, privkeyA, `{"nop":{}}`, true, true, defaultGasForTests)
+		require.Empty(t, err)
+
+		info := keeper.GetContractInfo(ctx, contractAddress)
+		require.Equal(t, info.Admin, walletA.String())
+
+		// A is the admin but B is the sender
+		// B passes A's proof
+		t.Run("update", func(t *testing.T) {
+			_, updateErr := fakeUpdateAdminHelper(t, keeper, ctx, contractAddress, walletB, privkeyB, walletB, math.MaxUint64, walletA, info.AdminProof)
+			require.Contains(t, updateErr.Error(), "Enclave: failed to validate transaction")
+		})
+		t.Run("clear", func(t *testing.T) {
+			_, updateErr := fakeUpdateAdminHelper(t, keeper, ctx, contractAddress, walletB, privkeyB, nil, math.MaxUint64, walletA, info.AdminProof)
+			require.Contains(t, updateErr.Error(), "Enclave: failed to validate transaction")
+		})
+	})
+}

x/compute/internal/keeper/secret_contracts_utils_test.go

@@ -919,7 +919,14 @@ func updateAdminHelper(
 	}, err
 }
 
-func fakeUpdateContractAdmin(ctx sdk.Context, k Keeper, contractAddress, caller, newAdmin sdk.AccAddress, fakeAdminProof []byte) error {
+func fakeUpdateContractAdmin(ctx sdk.Context,
+	k Keeper,
+	contractAddress,
+	caller,
+	newAdmin sdk.AccAddress,
+	adminToSend sdk.AccAddress,
+	adminProof []byte,
+) error {
 	defer telemetry.MeasureSince(time.Now(), "compute", "keeper", "update-contract-admin")
 	ctx.GasMeter().ConsumeGas(types.InstanceCost, "Loading CosmWasm module: update-contract-admin")
 
@@ -953,7 +960,7 @@ func fakeUpdateContractAdmin(ctx sdk.Context, k Keeper, contractAddress, caller,
 	// instantiate wasm contract
 	gas := gasForContract(ctx)
 
-	newAdminProof, updateAdminErr := k.wasmer.UpdateAdmin(codeInfo.CodeHash, env, prefixStore, cosmwasmAPI, querier, gasMeter(ctx), gas, verificationInfo, caller, fakeAdminProof)
+	newAdminProof, updateAdminErr := k.wasmer.UpdateAdmin(codeInfo.CodeHash, env, prefixStore, cosmwasmAPI, querier, gasMeter(ctx), gas, verificationInfo, adminToSend, adminProof)
 
 	if updateAdminErr != nil {
 		return updateAdminErr
@@ -981,7 +988,8 @@ func fakeUpdateAdminHelper(
 	senderPrivkey crypto.PrivKey,
 	newAdmin sdk.AccAddress,
 	gas uint64,
-	fakeAdminProof []byte,
+	adminToSend sdk.AccAddress,
+	adminProof []byte,
 ) (UpdateAdminResult, error) {
 	// create new ctx with the same storage and a gas limit
 	// this is to reset the event manager, so we won't get
@@ -1001,7 +1009,7 @@ func fakeUpdateAdminHelper(
 	}
 
 	gasBefore := ctx.GasMeter().GasConsumed()
-	err := fakeUpdateContractAdmin(ctx, keeper, contractAddress, sender, newAdmin, fakeAdminProof)
+	err := fakeUpdateContractAdmin(ctx, keeper, contractAddress, sender, newAdmin, adminToSend, adminProof)
 	gasAfter := ctx.GasMeter().GasConsumed()
 	gasUsed := gasAfter - gasBefore
 
@@ -1011,7 +1019,15 @@ func fakeUpdateAdminHelper(
 	}, err
 }
 
-func fakeMigrate(ctx sdk.Context, k Keeper, contractAddress sdk.AccAddress, caller sdk.AccAddress, newCodeID uint64, msg []byte, fakeAdminProof []byte) ([]byte, error) {
+func fakeMigrate(ctx sdk.Context,
+	k Keeper,
+	contractAddress sdk.AccAddress,
+	caller sdk.AccAddress,
+	newCodeID uint64,
+	msg []byte,
+	adminToSend sdk.AccAddress,
+	adminProof []byte,
+) ([]byte, error) {
 	defer telemetry.MeasureSince(time.Now(), "compute", "keeper", "migrate")
 	ctx.GasMeter().ConsumeGas(types.InstanceCost, "Loading CosmWasm module: migrate")
 
@@ -1067,7 +1083,7 @@ func fakeMigrate(ctx sdk.Context, k Keeper, contractAddress sdk.AccAddress, call
 	// instantiate wasm contract
 	gas := gasForContract(ctx)
 
-	response, newContractKey, newContractKeyProof, gasUsed, migrateErr := k.wasmer.Migrate(newCodeInfo.CodeHash, env, msg, prefixStore, cosmwasmAPI, querier, gasMeter(ctx), gas, verificationInfo, caller, fakeAdminProof)
+	response, newContractKey, newContractKeyProof, gasUsed, migrateErr := k.wasmer.Migrate(newCodeInfo.CodeHash, env, msg, prefixStore, cosmwasmAPI, querier, gasMeter(ctx), gas, verificationInfo, adminToSend, adminProof)
 	consumeGas(ctx, gasUsed)
 
 	if migrateErr != nil {
@@ -1144,7 +1160,8 @@ func fakeMigrateHelper(
 	isErrorEncrypted bool,
 	isV1Contract bool,
 	gas uint64,
-	fakeAdminProof []byte,
+	adminToSend sdk.AccAddress,
+	adminProof []byte,
 	wasmCallCount ...int64,
 ) (MigrateResult, *ErrorResult) {
 	codeInfo, err := keeper.GetCodeInfo(ctx, newCodeId)
@@ -1187,7 +1204,7 @@ func fakeMigrateHelper(
 	nonce := migrateMsgBz[0:32]
 
 	gasBefore := ctx.GasMeter().GasConsumed()
-	execResult, err := fakeMigrate(ctx, keeper, contractAddress, txSender, newCodeId, migrateMsgBz, fakeAdminProof)
+	execResult, err := fakeMigrate(ctx, keeper, contractAddress, txSender, newCodeId, migrateMsgBz, adminToSend, adminProof)
 	gasAfter := ctx.GasMeter().GasConsumed()
 	gasUsed := gasAfter - gasBefore