Prevent transfers to yourself (#4471)

open-chat-labs · Oct 2, 2023 · efd9c97 · efd9c97
1 parent 344cb99
commit efd9c97
Show file tree

Hide file tree

Showing 8 changed files with 20 additions and 2 deletions.
diff --git a/backend/canisters/user/CHANGELOG.md b/backend/canisters/user/CHANGELOG.md
@@ -8,6 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Changed
 
 - Notifications for custom messages should use the sub-type ([#4465](https://github.com/open-chat-labs/open-chat/pull/4465))
+- Prevent transfers to yourself ([#4471](https://github.com/open-chat-labs/open-chat/pull/4471))
 
 ## [[2.0.867](https://github.com/open-chat-labs/open-chat/releases/tag/v2.0.867-user)] - 2023-09-27
 

diff --git a/backend/canisters/user/api/can.did b/backend/canisters/user/api/can.did
@@ -34,6 +34,7 @@ type SendMessageResponse = variant {
     InvalidRequest : text;
     TransferFailed : text;
     TransferCannotBeZero;
+    TransferCannotBeToSelf;
     UserSuspended;
     InternalError : text;
 };
@@ -447,6 +448,7 @@ type SendMessageWithTransferToChannelResponse = variant {
     InvalidRequest : text;
     TransferFailed : text;
     TransferCannotBeZero;
+    TransferCannotBeToSelf;
     UserSuspended;
     CommunityFrozen;
     RulesNotAccepted;
@@ -482,6 +484,7 @@ type SendMessageWithTransferToGroupResponse = variant {
     InvalidRequest : text;
     TransferFailed : text;
     TransferCannotBeZero;
+    TransferCannotBeToSelf;
     UserSuspended;
     ChatFrozen;
     RulesNotAccepted;

diff --git a/backend/canisters/user/api/src/updates/send_message_v2.rs b/backend/canisters/user/api/src/updates/send_message_v2.rs
@@ -29,6 +29,7 @@ pub enum Response {
     InvalidRequest(String),
     TransferFailed(String),
     TransferCannotBeZero,
+    TransferCannotBeToSelf,
     UserSuspended,
     InternalError(String),
 }

diff --git a/backend/canisters/user/api/src/updates/send_message_with_transfer_to_channel.rs b/backend/canisters/user/api/src/updates/send_message_with_transfer_to_channel.rs
@@ -32,6 +32,7 @@ pub enum Response {
     InvalidRequest(String),
     TransferFailed(String),
     TransferCannotBeZero,
+    TransferCannotBeToSelf,
     UserSuspended,
     CommunityFrozen,
     RulesNotAccepted,

diff --git a/backend/canisters/user/api/src/updates/send_message_with_transfer_to_group.rs b/backend/canisters/user/api/src/updates/send_message_with_transfer_to_group.rs
@@ -29,6 +29,7 @@ pub enum Response {
     InvalidRequest(String),
     TransferFailed(String),
     TransferCannotBeZero,
+    TransferCannotBeToSelf,
     UserSuspended,
     ChatFrozen,
     RulesNotAccepted,

diff --git a/backend/canisters/user/impl/src/updates/send_message.rs b/backend/canisters/user/impl/src/updates/send_message.rs
@@ -138,7 +138,11 @@ fn validate_request(args: &Args, state: &RuntimeState) -> ValidateRequestResult
             }
         })
     } else if args.recipient == my_user_id {
-        ValidateRequestResult::Valid(my_user_id, UserType::_Self)
+        if matches!(args.content, MessageContentInitial::Crypto(_)) {
+            ValidateRequestResult::Invalid(TransferCannotBeToSelf)
+        } else {
+            ValidateRequestResult::Valid(my_user_id, UserType::_Self)
+        }
     } else if let Some(chat) = state.data.direct_chats.get(&args.recipient.into()) {
         let user_type = if chat.is_bot { UserType::Bot } else { UserType::User };
         ValidateRequestResult::Valid(my_user_id, user_type)

diff --git a/backend/canisters/user/impl/src/updates/send_message_with_transfer.rs b/backend/canisters/user/impl/src/updates/send_message_with_transfer.rs
@@ -34,6 +34,7 @@ async fn send_message_with_transfer_to_channel(
         PrepareResult::RecipientBlocked => return RecipientBlocked,
         PrepareResult::InvalidRequest(t) => return InvalidRequest(t),
         PrepareResult::TransferCannotBeZero => return TransferCannotBeZero,
+        PrepareResult::TransferCannotBeToSelf => return TransferCannotBeToSelf,
     };
 
     // Make the crypto transfer
@@ -111,6 +112,7 @@ async fn send_message_with_transfer_to_group(
         PrepareResult::RecipientBlocked => return RecipientBlocked,
         PrepareResult::InvalidRequest(t) => return InvalidRequest(t),
         PrepareResult::TransferCannotBeZero => return TransferCannotBeZero,
+        PrepareResult::TransferCannotBeToSelf => return TransferCannotBeToSelf,
     };
 
     // Make the crypto transfer
@@ -169,6 +171,7 @@ enum PrepareResult {
     RecipientBlocked,
     InvalidRequest(String),
     TransferCannotBeZero,
+    TransferCannotBeToSelf,
 }
 
 fn prepare(content: &MessageContentInitial, state: &RuntimeState) -> PrepareResult {
@@ -184,6 +187,10 @@ fn prepare(content: &MessageContentInitial, state: &RuntimeState) -> PrepareResu
 
     let pending_transaction = match &content {
         MessageContentInitial::Crypto(c) => {
+            let my_user_id = state.env.canister_id().into();
+            if c.recipient == my_user_id {
+                return TransferCannotBeToSelf;
+            }
             if state.data.blocked_users.contains(&c.recipient) {
                 return RecipientBlocked;
             }

diff --git a/frontend/app/src/components/home/CryptoTransferBuilder.svelte b/frontend/app/src/components/home/CryptoTransferBuilder.svelte
@@ -56,7 +56,7 @@
         // default the receiver to the other user in a direct chat
         if (chat.kind === "direct_chat") {
             receiver = $userStore[chat.them.userId];
-        } else if (defaultReceiver !== undefined) {
+        } else if (defaultReceiver !== undefined && defaultReceiver !== user.userId) {
             receiver = $userStore[defaultReceiver];
         }
     });