fix(escrow-vault): reject zero time_lock_duration in create_escrow #706
Merged
Prevent immediate escrow release when time_lock_duration is 0 by requiring at least one second and updating tests/snapshots accordingly. Closes ThinkLikeAFounder#688
@wheval Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀
Summary
Reject `time_lock_duration = 0` in `create_escrow` so escrows always have at least one second of time-lock protection before release.
Purpose / Motivation
`create_escrow` validated `expires_in > time_lock_duration` but allowed `time_lock_duration = 0`. That set `time_lock_until` to the current ledger time, so `now >= time_lock_until` was true immediately and funds could be released with no time protection (issue #688).
Changes Made
- `create_escrow` when `time_lock_duration == 0` with message `time_lock_duration must be at least 1 second`.
- `test_create_escrow_zero_time_lock_duration` and updated existing tests to use a minimum 1-second lock (with ledger advances where release paths require the lock to elapse).
- `required_approvers` vectors so they satisfy the contract’s minimum approver threshold at creation.
How to Test
- `contracts/escrow-vault`, run `cargo test`.
- `test_create_escrow_zero_time_lock_duration` passes (panics on `time_lock_duration = 0`).
- `MIN_TIME_LOCK_SECS = 1` and ledger advancement where needed.
- `create_escrow` on a deployed contract with `time_lock_duration = 0` and verify the transaction fails.
Screenshots (if applicable)
N/A — contract-only change.
Breaking Changes
`create_escrow` no longer accepts `time_lock_duration = 0`. Callers that relied on “no time lock” must pass at least `1` (one second).
Related Issues
Closes #688
Checklist
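The zero-duration case from Purpose / Motivation above, as an added example in plain Rust that is not code from this PR or from the escrow-vault contract. It assumes a `u64` ledger timestamp in seconds, returns `Result` where the contract panics, and the names `create_escrow_unchecked`, `build`, `lock_elapsed` and the struct layout are hypothetical.

```rust
// Plain-Rust model of the time-lock rule; not the contract's own code.
pub const MIN_TIME_LOCK_SECS: u64 = 1;

#[derive(Debug, PartialEq)]
pub struct Escrow {
    pub time_lock_until: u64,
    pub expires_at: u64,
}

// Shared constructor. checked_add is this model's choice so the sums never wrap.
fn build(now: u64, lock: u64, expires_in: u64) -> Result<Escrow, &'static str> {
    let time_lock_until = now.checked_add(lock).ok_or("time_lock_until overflows")?;
    let expires_at = now.checked_add(expires_in).ok_or("expires_at overflows")?;
    Ok(Escrow { time_lock_until, expires_at })
}

/// Pre-fix rule: only `expires_in > time_lock_duration` is checked, so 0 passes.
pub fn create_escrow_unchecked(now: u64, time_lock_duration: u64, expires_in: u64)
    -> Result<Escrow, &'static str> {
    if expires_in <= time_lock_duration {
        // Message wording is this model's, not the contract's.
        return Err("expires_in must exceed time_lock_duration");
    }
    build(now, time_lock_duration, expires_in)
}

/// Post-fix rule: reject a zero duration before any escrow state is built.
pub fn create_escrow(now: u64, time_lock_duration: u64, expires_in: u64)
    -> Result<Escrow, &'static str> {
    if time_lock_duration < MIN_TIME_LOCK_SECS {
        return Err("time_lock_duration must be at least 1 second");
    }
    create_escrow_unchecked(now, time_lock_duration, expires_in)
}

/// Release gate as the description states it: `now >= time_lock_until`.
pub fn lock_elapsed(escrow: &Escrow, now: u64) -> bool {
    now >= escrow.time_lock_until
}

fn main() {
    let now = 1_700_000_000; // constructed ledger timestamp
    let weak = create_escrow_unchecked(now, 0, 3600).unwrap();
    println!("pre-fix, zero lock, releasable at creation: {}", lock_elapsed(&weak, now));
    println!("post-fix, zero lock: {:?}", create_escrow(now, 0, 3600));
    let ok = create_escrow(now, MIN_TIME_LOCK_SECS, 3600).unwrap();
    println!("1s lock at creation: {}", lock_elapsed(&ok, now));
    println!("1s lock after ledger advances 1s: {}", lock_elapsed(&ok, now + 1));
}
```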