Fix test
The test was meant to ensure the signature covered the 'tokens' field, but then when the 'plan' field was rolled in, Transaction::verify() started failing because Plan::verify() failed. When Transaction::verify() was split into two, the unexpected failure was exposed but went unnoticed. This patch brings it back to its original intent, to ensure signature verification fails if the network attempts to change the client's payment.
This commit is contained in:
parent
705228ecc2
commit
51633f509d
|
@ -167,13 +167,17 @@ mod tests {
|
|||
}
|
||||
|
||||
#[test]
|
||||
fn test_bad_event_signature() {
|
||||
fn test_token_attack() {
|
||||
let zero = Hash::default();
|
||||
let keypair = KeyPair::new();
|
||||
let pubkey = keypair.pubkey();
|
||||
let mut tr = Transaction::new(&keypair, pubkey, 42, zero);
|
||||
tr.data.tokens = 1_000_000; // <-- attack!
|
||||
assert!(!tr.verify_plan());
|
||||
tr.data.tokens = 1_000_000; // <-- attack, part 1!
|
||||
if let Plan::Pay(ref mut payment) = tr.data.plan {
|
||||
payment.tokens = tr.data.tokens; // <-- attack, part 2!
|
||||
};
|
||||
assert!(tr.verify_plan());
|
||||
assert!(!tr.verify_sig());
|
||||
}
|
||||
|
||||
#[test]
|
||||
|
|
Loading…
Reference in New Issue