Disallow the zero address in MixinAuthorizable

2019-07-30 15:52:18 -07:00
parent b4a3218b13
commit 858ccfa934
3 changed files with 13 additions and 1 deletions
--- a/contracts/asset-proxy/contracts/src/MixinAuthorizable.sol
+++ b/contracts/asset-proxy/contracts/src/MixinAuthorizable.sol
@@ -1,6 +1,6 @@
 /*

-  Copyright 2018 ZeroEx Intl.
+  Copyright 2019 ZeroEx Intl.

  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
@@ -44,6 +44,10 @@ contract MixinAuthorizable is
        external
        onlyOwner
    {
+        require(
+            target != address(0),
+            "ZERO_CANT_BE_AUTHORIZED"
+        );
        require(
            !authorized[target],
            "TARGET_ALREADY_AUTHORIZED"
--- a/contracts/asset-proxy/test/authorizable.ts
+++ b/contracts/asset-proxy/test/authorizable.ts
@@ -27,9 +27,11 @@ describe('Authorizable', () => {
    before(async () => {
        await blockchainLifecycle.startAsync();
    });
+
    after(async () => {
        await blockchainLifecycle.revertAsync();
    });
+
    before(async () => {
        const accounts = await web3Wrapper.getAvailableAddressesAsync();
        [owner, address, notOwner] = _.slice(accounts, 0, 3);
@@ -39,18 +41,22 @@ describe('Authorizable', () => {
            txDefaults,
        );
    });
+
    beforeEach(async () => {
        await blockchainLifecycle.startAsync();
    });
+
    afterEach(async () => {
        await blockchainLifecycle.revertAsync();
    });
+
    describe('addAuthorizedAddress', () => {
        it('should revert if not called by owner', async () => {
            const expectedError = new OwnableRevertErrors.OnlyOwnerError(notOwner, owner);
            const tx = authorizable.addAuthorizedAddress.sendTransactionAsync(notOwner, { from: notOwner });
            return expect(tx).to.revertWith(expectedError);
        });
+
        it('should allow owner to add an authorized address', async () => {
            await authorizable.addAuthorizedAddress.awaitTransactionSuccessAsync(
                address,
@@ -168,6 +174,7 @@ describe('Authorizable', () => {
                RevertReason.AuthorizedAddressMismatch,
            );
        });
+
        it('should allow owner to remove an authorized address', async () => {
            await authorizable.addAuthorizedAddress.awaitTransactionSuccessAsync(
                address,
--- a/packages/types/src/index.ts
+++ b/packages/types/src/index.ts
@@ -268,6 +268,7 @@ export enum RevertReason {
    SenderNotAuthorized = 'SENDER_NOT_AUTHORIZED',
    TargetNotAuthorized = 'TARGET_NOT_AUTHORIZED',
    TargetAlreadyAuthorized = 'TARGET_ALREADY_AUTHORIZED',
+    ZeroCantBeAuthorized = 'ZERO_CANT_BE_AUTHORIZED',
    IndexOutOfBounds = 'INDEX_OUT_OF_BOUNDS',
    AuthorizedAddressMismatch = 'AUTHORIZED_ADDRESS_MISMATCH',
    OnlyContractOwner = 'ONLY_CONTRACT_OWNER',