Skip to content

fix: apply 4 security patches to BaseCreditPool#329

Open
bin-57blocks wants to merge 3 commits into
contract-factoryfrom
security-patches
Open

fix: apply 4 security patches to BaseCreditPool#329
bin-57blocks wants to merge 3 commits into
contract-factoryfrom
security-patches

Conversation

@bin-57blocks

Copy link
Copy Markdown
Contributor
  • Patch 1: disable requestCredit (no-op, use approveCredit instead)
  • Patch 2: restrict triggerDefault to EA service account
  • Patch 3: refreshAccount only processes GoodStanding/Delayed (silent no-op otherwise)
  • Patch 4: prevent Defaulted state from being reset to GoodStanding in _updateDueInfo

- HDT: add _beforeTokenTransfer hook, only mint/burn allowed, user transfers revert with transferNotAllowed()
- BaseCreditPool: refreshAccount restricted to PDS service account via onlyPDSServiceAccount()
- Errors: add transferNotAllowed() custom error
- Tests: add HDT transfer block test, refreshAccount PDS rejection test, fix all bare refreshAccount calls
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants