fix: reject zero-address recipient on withdraw_to #591
Open
zeemscript wants to merge 1 commit into
Add validation to withdraw_to function that rejects zero-address (all zero bytes) recipients with VaultError::ZeroAddressRecipient.

Changes:
- Add ZeroAddressRecipient error variant (code 37)
- Add is_zero_address helper function
- Add validation check in withdraw_to before amount validation
- Add rustdoc documentation for withdraw_to
- Add focused tests in test_withdraw_to_zero_address.rs
Summary
Closes #572
This PR adds validation to vault.withdraw_to to reject zero-address recipients, preventing funds from being sent to an invalid/burn address.

Changes
- Add ZeroAddressRecipient error variant (code 37) to VaultError
- Add is_zero_address helper function that checks if an address is all zero bytes
- Add validation check in withdraw_to that rejects zero-address recipients before amount validation
- Add rustdoc documentation for withdraw_to
- Add focused tests in test_withdraw_to_zero_address.rs:
  - withdraw_to_zero_address_fails - verifies rejection
  - withdraw_to_valid_address_succeeds - verifies normal operation
  - withdraw_to_zero_address_checked_before_amount - verifies check ordering
  - withdraw_to_zero_address_fails_even_when_paused - verifies behavior during pause
  - withdraw_to_valid_after_zero_address_rejection - verifies state unchanged after rejection

Test plan
cargo test -p callora-vault test_withdraw_to_zero_address
cargo test -p callora-vault
cargo clippy -p callora-vault
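The check ordering and the state-unchanged property named in the test list above, as a stand-alone model. This is an added example, not code from this PR or from callora-vault. The 32-byte address type, the `Vault` struct and the `InvalidAmount` and `InsufficientBalance` variants with their codes are assumptions; only `ZeroAddressRecipient` (code 37), `is_zero_address` and `withdraw_to` are names from the description.

```rust
// Added illustration, not the PR's code. Address layout, Vault fields and
// the first two error variants are assumptions made for this model.
pub type Address = [u8; 32];

#[derive(Debug, PartialEq, Clone, Copy)]
#[repr(u32)]
pub enum VaultError {
    InvalidAmount = 1,         // hypothetical variant and code
    InsufficientBalance = 2,   // hypothetical variant and code
    ZeroAddressRecipient = 37, // code stated in the PR description
}

pub struct Vault {
    pub balance: u128,
}

/// True when every byte of the address is zero.
pub fn is_zero_address(addr: &Address) -> bool {
    addr.iter().all(|&b| b == 0)
}

impl Vault {
    /// Withdraws `amount` to `to` and returns the remaining balance.
    /// All checks run before any write, so a rejected call changes nothing.
    pub fn withdraw_to(&mut self, to: &Address, amount: u128) -> Result<u128, VaultError> {
        // Recipient check comes first: a zero recipient is reported even
        // when the amount would also be rejected.
        if is_zero_address(to) {
            return Err(VaultError::ZeroAddressRecipient);
        }
        if amount == 0 {
            return Err(VaultError::InvalidAmount);
        }
        let remaining = self
            .balance
            .checked_sub(amount)
            .ok_or(VaultError::InsufficientBalance)?;
        self.balance = remaining;
        Ok(remaining)
    }
}

fn main() {
    let mut vault = Vault { balance: 100 };
    let zero: Address = [0u8; 32];
    let mut recipient: Address = [0u8; 32]; // constructed sample recipient
    recipient[31] = 1;
    println!("{:?}", vault.withdraw_to(&zero, 0));
    println!("{:?}", vault.withdraw_to(&recipient, 40));
}
```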