
decentraland / transactions-server / 25520590475
70%

Build:
DEFAULT BRANCH: master
Ran 07 May 2026 08:36PM UTC
Jobs 1
Files 37
Run time 1min

07 May 2026 08:34PM UTC coverage: 70.254% (+0.2%) from 70.09%
25520590475

push

github

web-flow
feat: validate the relayed method is executeMetaTransaction (#137)

* feat: validate the relayed method is executeMetaTransaction

* fix: drop user-controlled selector label from rejection counter

The selector label on dcl_error_invalid_function_selector was derived
from untrusted input (the calldata's first 4 bytes), giving an attacker
unbounded cardinality on a Prometheus time series. The counter is now
scalar; the offending selector still rides on the typed error and the
warn log for triage.

* test: align checkFunctionSelector spec with dcl-testing conventions

Rename the drain-attack describe to use the "when ..." form, drop the
forbidden "when" from the it.each title, and replace generic "should not
throw" descriptions with ones that surface the metric assertion the
tests already make.

* feat: reject meta-tx whose userAddress matches a broadcaster EOA

Extends checkFunctionSelector with a self-relay guard: decodes the
executeMetaTransaction calldata and rejects when the inner userAddress
is one of the EOAs we use to broadcast on chain.

Wires getRelayerAddresses through the relay-router so the validator
stays provider-agnostic. Gelato funds its own broadcasters and omits
the method; OpenZeppelin lazily fetches and caches the set with a 1h
TTL — refresh failures are metric-only.

Public rejection message is generic ("Invalid transaction data.");
offending details stay on the error instance for structured warn logs.

- new SelfRelayUserAddressError -> 400 with generic body
- counters for rejection (dcl_error_self_relay_user_address) and
  cache-refresh failures (dcl_error_relayer_addresses_refresh_failed)
- integration spec hitting the real OZ API (skips when creds absent)

* feat: harden relayer against quota TOCTOU and sale-price bypass

- Atomic reserveQuota (advisory-locked SELECT/INSERT) plus session_id-keyed
  confirmReservation/releaseReservation; replaces the post-broadcast quota
  write and closes the per-user TOCTOU window.
- Read-only... (continued)

119 of 189 branches covered (62.96%)

Branch coverage included in aggregate %.

153 of 199 new or added lines in 15 files covered. (76.88%)

1 existing line in 1 file now uncovered.

573 of 796 relevant lines covered (71.98%)

7.1 hits per line

Uncovered Changes

| Lines | Coverage | ∆ | File |
|---|---|---|---|
| 17 | 0.0 | 0.0% | src/controllers/handlers.ts |
| 13 | 61.76 | -18.63% | src/ports/relay-router/components.ts |
| 10 | 0.0 | | src/migrations/1778100766232_add-reservation-columns.ts |
| 3 | 80.0 | 22.86% | src/ports/transaction/component.ts |
| 2 | 92.73 | -5.15% | src/logic/transaction-middleware.ts |
| 1 | 96.61 | 0.12% | src/ports/transaction/validation/checkGasPrice.ts |

Coverage Regressions

| Lines | Coverage | ∆ | File |
|---|---|---|---|
| 1 | 0.0 | 0.0% | src/controllers/handlers.ts |

Jobs

| ID | Job ID | Ran | Files | Coverage |
|---|---|---|---|---|
| 1 | 25520590475.1 | 07 May 2026 08:36PM UTC | 37 | 70.25 |

GitHub Action Run
Source Files on build 25520590475
  • Tree
  • List 37
  • Changed 12
  • Source Changed 0
  • Coverage Changed 12
  • 4f78f546 on github
  • Prev Build on master (#25395811329)