Prevent the patron from being the vendor

dfinity · Oct 1, 2024 · f52bda4 · f52bda4
1 parent 12684b2
commit f52bda4
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 0 deletions.
diff --git a/src/api/src/error.rs b/src/api/src/error.rs
@@ -24,4 +24,5 @@ pub enum PaymentError {
         needed: TokenAmount,
         available: TokenAmount,
     },
+    InvalidPatron,
 }
diff --git a/src/guard/src/guards/icrc2_cycles.rs b/src/guard/src/guards/icrc2_cycles.rs
@@ -52,6 +52,12 @@ impl Default for Icrc2CyclesPaymentGuard {
 
 impl PaymentGuard for Icrc2CyclesPaymentGuard {
     async fn deduct(&self, fee: TokenAmount) -> Result<(), PaymentError> {
+        // The patron must not be the vendor itself (this canister).
+        if self.payer_account.owner == self.own_canister_id {
+            return Err(PaymentError::InvalidPatron);
+        }
+        // The cycles ledger has a special `withdraw_from` method, similar to `transfer_from`,
+        // but that adds the cycles to the canister rather than putting it into a ledger account.
         cycles_ledger_client::Service(cycles_ledger_canister_id())
             .withdraw_from(&WithdrawFromArgs {
                 to: self.own_canister_id,

diff --git a/src/guard/src/guards/patron_pays_icrc2_tokens.rs b/src/guard/src/guards/patron_pays_icrc2_tokens.rs
@@ -28,6 +28,10 @@ impl PatronPaysIcrc2TokensPaymentGuard {
 
 impl PaymentGuard for PatronPaysIcrc2TokensPaymentGuard {
     async fn deduct(&self, cost: TokenAmount) -> Result<(), PaymentError> {
+        // The patron must not be the vendor itself (this canister).
+        if self.payer_account.owner == self.own_canister_id {
+            return Err(PaymentError::InvalidPatron);
+        }
         // Note: The cycles ledger client is ICRC-2 compatible so can be used here.
         cycles_ledger_client::Service(self.ledger)
             .icrc_2_transfer_from(&TransferFromArgs {