Skip to content

fix(contract): scope seal_approve authorization to the account owner#371

Merged
ducnmm merged 1 commit into
devfrom
fix/seal-approve-owner-scope
Jul 8, 2026
Merged

fix(contract): scope seal_approve authorization to the account owner#371
ducnmm merged 1 commit into
devfrom
fix/seal-approve-owner-scope

Conversation

@ducnmm

@ducnmm ducnmm commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

What

seal_approve now requires the requested key id to be namespaced to the account owner on both the owner and delegate paths, and returns early for the owner. This binds id to the passed account, so a delegate is only ever authorized for the data of the account it is registered on.

Test

Adds a regression test (test_seal_approve_delegate_rejects_unrelated_id) asserting a delegate is denied an id scoped to an unrelated owner.

sui move test48/48 pass (existing owner/delegate/unauthorized cases unchanged).

Code-only change; no deploy in this PR.

Require the requested key id to be namespaced to the account owner on both
the owner and delegate paths (the owner returns early). This binds `id` to
the passed `account`, so a delegate is only ever authorized for the data of
the account it is registered on.

Adds a regression test asserting a delegate is denied an id scoped to an
unrelated owner (aborts ENoAccess). 48/48 tests pass. Code-only change; not
deployed.
@ducnmm ducnmm merged commit 97754fc into dev Jul 8, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants