Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Control Plane does not check asset id when initiating transfer process #4240

Closed
bscholtes1A opened this issue Jun 6, 2024 · 1 comment · Fixed by #4264
Closed

Control Plane does not check asset id when initiating transfer process #4240

bscholtes1A opened this issue Jun 6, 2024 · 1 comment · Fixed by #4264
Assignees
@bscholtes1A
Labels
bug_report Suspected bugs, awaiting triage

Comments

@bscholtes1A
Copy link
Contributor

Bug Report

Describe the Bug

The request for initiating a transfer process contains an assetId and a contractId field. The contractId points to a contract agreement, which itself contains an asset id.

No check is performed in order to asset that the asset id passed in the request matches the one defined in the contract agreement.

If there is a mismatch, this results in an inconsistency in the Endpoint Data Reference that is generated.

Expected Behavior

Control Plane should return a validation error if the assetId in the request does not match the one defined in the contract agreement.

Observed Behavior

No error is returned, and an inconsistent Endpoint Data Reference is generated.

Steps to Reproduce

Initiate a transfer process through the control plane management API, and use a random assetId in the request instead of the one stored in the contract.
@bscholtes1A bscholtes1A added bug_report Suspected bugs, awaiting triage triage all new issues awaiting classification labels Jun 6, 2024
@ndr-brt
Copy link
Member

ndr-brt commented Jun 6, 2024

Yes, I also think that the assetId property is definitely not needed on TransferRequest, because the assetId can be obtained by the ContractAgreement as you said.
Related to that, I think that the contractId is not validated too.

@bscholtes1A bscholtes1A self-assigned this Jun 10, 2024
This was referenced Jun 11, 2024
Closed
Merged
@paullatzelsperger paullatzelsperger removed the triage all new issues awaiting classification label Jun 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bscholtes1A bscholtes1A

Labels
bug_report Suspected bugs, awaiting triage
Projects
None yet
Milestone
No milestone
3 participants
@ndr-brt @paullatzelsperger @bscholtes1A