
decentraland / transactions-server / 25520590475 / 1
70%
master: 70%

Build:
DEFAULT BRANCH: master
Ran 07 May 2026 08:36PM UTC
Files 37
Run time 3s

07 May 2026 08:34PM UTC coverage: 70.254% (+0.2%) from 70.09%
25520590475.1

push

github

web-flow
feat: validate the relayed method is executeMetaTransaction (#137)

* feat: validate the relayed method is executeMetaTransaction

* fix: drop user-controlled selector label from rejection counter

The selector label on dcl_error_invalid_function_selector was derived
from untrusted input (the calldata's first 4 bytes), giving an attacker
unbounded cardinality on a Prometheus time series. The counter is now
scalar; the offending selector still rides on the typed error and the
warn log for triage.

* test: align checkFunctionSelector spec with dcl-testing conventions

Rename the drain-attack describe to use the "when ..." form, drop the
forbidden "when" from the it.each title, and replace generic "should not
throw" descriptions with ones that surface the metric assertion the
tests already make.

* feat: reject meta-tx whose userAddress matches a broadcaster EOA

Extends checkFunctionSelector with a self-relay guard: decodes the
executeMetaTransaction calldata and rejects when the inner userAddress
is one of the EOAs we use to broadcast on chain.

Wires getRelayerAddresses through the relay-router so the validator
stays provider-agnostic. Gelato funds its own broadcasters and omits
the method; OpenZeppelin lazily fetches and caches the set with a 1h
TTL — refresh failures are metric-only.

Public rejection message is generic ("Invalid transaction data.");
offending details stay on the error instance for structured warn logs.

- new SelfRelayUserAddressError -> 400 with generic body
- counters for rejection (dcl_error_self_relay_user_address) and
  cache-refresh failures (dcl_error_relayer_addresses_refresh_failed)
- integration spec hitting the real OZ API (skips when creds absent)

* feat: harden relayer against quota TOCTOU and sale-price bypass

- Atomic reserveQuota (advisory-locked SELECT/INSERT) plus session_id-keyed
  confirmReservation/releaseReservation; replaces the post-broadcast quota
  write and closes the per-user TOCTOU window.
- Read-only... (continued)

119 of 189 branches covered (62.96%)

Branch coverage included in aggregate %.

573 of 796 relevant lines covered (71.98%)

7.1 hits per line

Source Files on job 25520590475.1
  • Tree
  • List 37
  • Changed 12
  • Source Changed 0
  • Coverage Changed 12
  • 4f78f546 on github