Audit Fixes 9 : Misleading success response for non-xion auth operations (#553)

Kayanski · web-flow · commit 3ec6c4571143 · 2024-12-06T15:39:20.000+01:00
diff --git a/framework/contracts/account/src/error.rs b/framework/contracts/account/src/error.rs
@@ -121,6 +121,9 @@ pub enum AccountError {
         contract: String,
     },
 
+    #[error("No auth methods capabilities on this account (xion feature disabled)")]
+    NoAuthMethods {},
+
     #[error("Abstract Account don't have Authentication")]
     AbsAccNoAuth {},
 
diff --git a/framework/contracts/account/src/execution.rs b/framework/contracts/account/src/execution.rs
@@ -131,7 +131,7 @@ pub fn add_auth_method(
     }
     #[cfg(not(feature = "xion"))]
     {
-        Ok(AccountResponse::action("add_auth"))
+        Err(AccountError::NoAuthMethods {})
     }
 }
 
@@ -143,7 +143,7 @@ pub fn remove_auth_method(_deps: DepsMut, _env: Env, _info: MessageInfo, _id: u8
     }
     #[cfg(not(feature = "xion"))]
     {
-        Ok(AccountResponse::action("remove_auth"))
+        Err(AccountError::NoAuthMethods {})
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -131,7 +131,7 @@ pub fn add_auth_method(`
`131`	`131`	`}`
`132`	`132`	`#[cfg(not(feature = "xion"))]`
`133`	`133`	`{`
`134`		`- Ok(AccountResponse::action("add_auth"))`
	`134`	`+ Err(AccountError::NoAuthMethods {})`
`135`	`135`	`}`
`136`	`136`	`}`
`137`	`137`
`@@ -143,7 +143,7 @@ pub fn remove_auth_method(_deps: DepsMut, _env: Env, _info: MessageInfo, _id: u8`
`143`	`143`	`}`
`144`	`144`	`#[cfg(not(feature = "xion"))]`
`145`	`145`	`{`
`146`		`- Ok(AccountResponse::action("remove_auth"))`
	`146`	`+ Err(AccountError::NoAuthMethods {})`
`147`	`147`	`}`
`148`	`148`	`}`
`149`	`149`