Problem
TestTokenV2.SettlementFactory_SettleBatch extra args are carry the account-configs of all allocations that are being settled. The current implementation passes them unchanged to all Allocation_Settle calls. Thus leaking the account configs of all counter-parties.
Proposal
- change the default
settleBatch implementation in token-standard-utils to take a filterExtraArgs argument
- use that in the
TestTokenV2 implementation to remove this privacy leak
Kudos to @johan-da for discovering this problem.
Problem
TestTokenV2.SettlementFactory_SettleBatchextra args are carry the account-configs of all allocations that are being settled. The current implementation passes them unchanged to allAllocation_Settlecalls. Thus leaking the account configs of all counter-parties.Proposal
settleBatchimplementation intoken-standard-utilsto take afilterExtraArgsargumentTestTokenV2implementation to remove this privacy leakKudos to @johan-da for discovering this problem.