Rate limit account recovery

gdseller · Jul 21, 2016 · 2558ec3 · 2558ec3
1 parent cf36e63
commit 2558ec3
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/libraries/chain/include/steemit/chain/account_object.hpp b/libraries/chain/include/steemit/chain/account_object.hpp
@@ -36,6 +36,7 @@ namespace steemit { namespace chain {
          time_point_sec  last_owner_proved = time_point_sec::min();
          time_point_sec  last_active_proved = time_point_sec::min();
          string          recovery_account = "";
+         time_point_sec  last_account_recovery;
          uint32_t        comment_count = 0;
          uint32_t        lifetime_vote_count = 0;
          uint32_t        post_count = 0;
@@ -347,7 +348,7 @@ namespace steemit { namespace chain {
 FC_REFLECT_DERIVED( steemit::chain::account_object, (graphene::db::object),
                     (name)(owner)(active)(posting)(memo_key)(json_metadata)(proxy)(last_owner_update)
                     (created)(mined)
-                    (owner_challenged)(active_challenged)(last_owner_proved)(last_active_proved)(recovery_account)
+                    (owner_challenged)(active_challenged)(last_owner_proved)(last_active_proved)(recovery_account)(last_account_recovery)
                     (comment_count)(lifetime_vote_count)(post_count)(voting_power)(last_vote_time)
                     (balance)
                     (sbd_balance)(sbd_seconds)(sbd_seconds_last_update)(sbd_last_interest_payment)

diff --git a/libraries/chain/steem_evaluator.cpp b/libraries/chain/steem_evaluator.cpp
@@ -1424,6 +1424,11 @@ void recover_account_evaluator::do_apply( const recover_account_operation& o )
 {
    FC_ASSERT( db().has_hardfork( STEEMIT_HARDFORK_0_11__169 ) );
 
+   const auto& account = db().get_account( o.account_to_recover );
+
+   if( db().has_hardfork( STEEMIT_HARDFORK_0_12 ) )
+      FC_ASSERT( db().head_block_time() - account.last_account_recovery > STEEMIT_OWNER_UPDATE_LIMIT );
+
    const auto& recovery_request_idx = db().get_index_type< account_recovery_request_index >().indices().get< by_account >();
    auto request = recovery_request_idx.find( o.account_to_recover );
 
@@ -1444,7 +1449,11 @@ void recover_account_evaluator::do_apply( const recover_account_operation& o )
    FC_ASSERT( found, "Recent authority not found in authority history" );
 
    db().remove( *request ); // Remove first, update_owner_authority may invalidate iterator
-   db().update_owner_authority( db().get_account( o.account_to_recover ), o.new_owner_authority );
+   db().update_owner_authority( account, o.new_owner_authority );
+   db().modify( account, [&]( account_object& a )
+   {
+      a.last_account_recovery = db().head_block_time();
+   });
 }
 
 void change_recovery_account_evaluator::do_apply( const change_recovery_account_operation& o )