Prevent test binary from deploying#237
Merged
Merged
Conversation
joshuajbouw
changed the title
birchmd
reviewed
Aug 13, 2021
artob
added a commit
that referenced
this pull request
Aug 14, 2021
* ERC-20: forbid using invalid NEP141 AccountID for mapping (#179) * Timestamp should be in milliseconds for Ethereum compatibility (#208) * feat(engine): Blockhash definition (#213) * Update etc/state-migration-test/Cargo.lock (#211) * Include cost of access list in intrinsic gas (#219) * Bump tar from 4.4.13 to 4.4.15 in /etc/eth-contracts (#217) * Feat(engine): Relayer payment (#215) * Scheduled lint is supposed to run nightly clippy (#214) * Return actual status of a transaction (#218) * Added parser for Integer types (#183) * Update to latest nightly (#221) * Fix(engine): do not panic when user has insufficient balance to cover gas (#223) * Update lock files (#224) * Method to fix balance of aurora account on testnet (#225) * Use math api host functions on mainnet (#228) * NEP-141 compliance correctness (#202) * Adapt workflows to dockerized runners (#231) * Move block height to the end of hashed data. (#233) * Ensure solidity artifacts are always recompiled (#234) * Prevent test binary from deploying (#237) * Add removal of eth-contracts to `make clean` * Remove deploy_code feature gate Co-authored-by: Dmitry Strokov <dmitry@aurora.dev> Co-authored-by: Evgeny Ukhanov <evgeny@aurora.dev> Co-authored-by: Joshua J. Bouw <joshua@aurora.dev> Co-authored-by: Kirill <kirill@aurora.dev> Co-authored-by: Michael Birch <michael@aurora.dev> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Just noticed a dangerous situation. We have a new public function called
mint_accountforintegration-testfeature which allows you to make any address, at any nonce, at any balance. If someone accidentally built a test build and uploaded that, it would allow anyone to use that method.To address that, I just changed the .wasm test file compilations specifically state that they are test binaries and looking into adding something deploy that causes it to explode if someone accidentally deploys the test version.