diff --git a/src/api/src/error.rs b/src/api/src/error.rs
index 69c5578..e5e3e25 100644
--- a/src/api/src/error.rs
+++ b/src/api/src/error.rs
@@ -24,4 +24,5 @@ pub enum PaymentError {
 needed: TokenAmount,
 available: TokenAmount,
 },
+ InvalidPatron,
 }
diff --git a/src/guard/src/guards/icrc2_cycles.rs b/src/guard/src/guards/icrc2_cycles.rs
index 84896e6..2db66ad 100644
--- a/src/guard/src/guards/icrc2_cycles.rs
+++ b/src/guard/src/guards/icrc2_cycles.rs
@@ -52,6 +52,12 @@ impl Default for Icrc2CyclesPaymentGuard {
 impl PaymentGuard for Icrc2CyclesPaymentGuard {
 async fn deduct(&self, fee: TokenAmount) -> Result<(), PaymentError> {
+ // The patron must not be the vendor itself (this canister).
+ if self.payer_account.owner == self.own_canister_id {
+ return Err(PaymentError::InvalidPatron);
+ }
+ // The cycles ledger has a special `withdraw_from` method, similar to `transfer_from`,
+ // but that adds the cycles to the canister rather than putting it into a ledger account.
 cycles_ledger_client::Service(cycles_ledger_canister_id())
 .withdraw_from(&WithdrawFromArgs {
 to: self.own_canister_id,
diff --git a/src/guard/src/guards/patron_pays_icrc2_tokens.rs b/src/guard/src/guards/patron_pays_icrc2_tokens.rs
index f982a93..282ecfe 100644
--- a/src/guard/src/guards/patron_pays_icrc2_tokens.rs
+++ b/src/guard/src/guards/patron_pays_icrc2_tokens.rs
@@ -28,6 +28,10 @@ impl PatronPaysIcrc2TokensPaymentGuard {
 impl PaymentGuard for PatronPaysIcrc2TokensPaymentGuard {
 async fn deduct(&self, cost: TokenAmount) -> Result<(), PaymentError> {
+ // The patron must not be the vendor itself (this canister).
+ if self.payer_account.owner == self.own_canister_id {
+ return Err(PaymentError::InvalidPatron);
+ }
 // Note: The cycles ledger client is ICRC-2 compatible so can be used here.
 cycles_ledger_client::Service(self.ledger)
 .icrc_2_transfer_from(&TransferFromArgs {
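Review bot: The new `InvalidPatron` variant of `PaymentError` is added without a doc comment, so a caller matching on the error cannot tell from the type which patrons are rejected; the two guards that raise it in this commit reject only a patron whose owner is the vendor canister itself. I would add `/// The patron account is owned by this canister; a vendor cannot pay itself.` directly above the variant. The rest of the enum is outside the hunk, so whether the sibling variants carry doc comments cannot be seen here.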
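Review bot: The self-patron guard added at the top of `deduct` in icrc2_cycles.rs is repeated verbatim in the next hunk, in `deduct` of patron_pays_icrc2_tokens.rs, so the rule and the error it raises now live in two places that can drift apart; one shared helper taking the payer account and the canister's own id, called as the first statement of both `deduct` implementations, would keep them in step. The new comment states the rule but not its reason — presumably that letting the canister's own ledger account be the patron would move cycles from the canister back to itself, so the fee would cost nothing — and I would extend it to `// The patron must not be the vendor itself (this canister): a self-transfer would make the call free.`. The comparison keys on `payer_account.owner` alone, which also rejects every subaccount of the canister; that is the right scope if the intent is to exclude the canister entirely, and worth stating in the comment. The body of `deduct` continues past the end of the hunk.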