certusone
/
metaplex
mirror of https://github.com/certusone/metaplex.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Ensure nobody but the authorities on the vault and auction (which should themselves be equal) can be authority on the auction manager.

This commit is contained in:
Jordan Prince 2021-06-28 20:40:24 -07:00
parent e838546d7f
commit bc729d73b7
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
rust/metaplex/program/src/processor/init_auction_manager.rs
View File

@ -49,6 +49,14 @@ pub fn process_init_auction_manager(
assert_owned_by(store_info, program_id)?;
assert_owned_by(accept_payment_info, &store.token_program)?;
if auction.authority != *auction_manager_info.key && auction.authority != *authority_info.key {
return Err(MetaplexError::AuctionAuthorityMismatch.into());
}
if vault.authority != *auction_manager_info.key && vault.authority != *authority_info.key {
return Err(MetaplexError::VaultAuthorityMismatch.into());
}
if auction.state != AuctionState::Created {
return Err(MetaplexError::AuctionMustBeCreated.into());
}