Return error if enable 2FA request has PubKeyHash set

avocadocoder73 · Mar 7, 2022 · 8f81b89 · 8f81b89
1 parent 0b33353
commit 8f81b89
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 0 deletions.
diff --git a/core/bin/zksync_api/src/api_server/tx_sender.rs b/core/bin/zksync_api/src/api_server/tx_sender.rs
@@ -242,6 +242,12 @@ impl TxSender {
             return Err(SubmitError::Toggle2FA(Toggle2FAError::CREATE2));
         }
 
+        // When 2FA is being enabled, supplied PubKeyHash is not used, so such a request
+        // is not valid.
+        if toggle_2fa.enable && toggle_2fa.pub_key_hash.is_some() {
+            return Err(SubmitError::Toggle2FA(Toggle2FAError::UnusedPubKeyHash));
+        }
+
         let new_type = if toggle_2fa.enable {
             EthAccountType::Owned
         } else {

diff --git a/core/bin/zksync_api/src/tx_error.rs b/core/bin/zksync_api/src/tx_error.rs
@@ -57,4 +57,7 @@ pub enum Toggle2FAError {
 
     #[error("Can not change 2FA for a CREATE2 account")]
     CREATE2,
+
+    #[error("Request to enable 2FA should not have PubKeyHash field set")]
+    UnusedPubKeyHash,
 }
diff --git a/core/tests/ts-tests/tests/suits/no2fa.ts b/core/tests/ts-tests/tests/suits/no2fa.ts
@@ -123,6 +123,26 @@ describe(`No2FA tests`, () => {
         await tester.testWithdraw(hilda, token, TX_AMOUNT);
     });
 
+    step('Switching 2FA on & providing PubKeyHash should fail', async () => {
+        // Provide a PubKeyHash. Together with `enable: true` server is expected to return an error.
+        const randomPrivateKey = await crypto.privateKeyFromSeed(utils.randomBytes(32));
+        const randomPubKeyHash = await crypto.privateKeyToPubKeyHash(randomPrivateKey);
+        let thrown = false;
+        try {
+            await hildaWithEthSigner.toggle2FA(true, randomPubKeyHash);
+        } catch (e) {
+            thrown = true;
+        }
+        expect(thrown, "Request with 'enable: true' and PubKeyHash provided was processed by server").to.be.true;
+
+        // Account type should not change.
+        const expectedPubKeyHash = await crypto.privateKeyToPubKeyHash(zkPrivateKey);
+        const accountState = await hilda.getAccountState();
+        expect(accountState.accountType, 'Incorrect account type').to.be.eql({
+            No2FA: expectedPubKeyHash
+        });
+    });
+
     step('Test switching 2FA on', async () => {
         await hildaWithEthSigner.toggle2FA(true);
         const accountState = await hilda.getAccountState();