Skip to content

fix(field): require caller ownership and cancel listings on combinePlots#179

Merged
fr1jo merged 5 commits intofrijo/release/PI-15from
fix/combine-plots-cancel-listings
Feb 5, 2026
Merged

fix(field): require caller ownership and cancel listings on combinePlots#179
fr1jo merged 5 commits intofrijo/release/PI-15from
fix/combine-plots-cancel-listings

Conversation

@fr1jo
Copy link
Copy Markdown
Contributor

@fr1jo fr1jo commented Feb 4, 2026

Summary

  • Add authorization check: caller must own the plots being combined
  • Cancel any existing pod listings before deleting combined plots
  • Remove permissionless access comment from natspec

Context

During security review of PI-15, identified that combinePlots() was permissionless and could leave orphaned marketplace listings:

  1. Permissionless issue: Any account could combine any other account's plots, which while not stealing funds, modifies user state without consent
  2. Orphaned listings: If a plot had an active marketplace listing and was combined away (not the first plot), the listing would remain in storage but become unfillable

Changes

// Added authorization
require(LibTractor._user() == account, "Field: Caller must own plots");

// Cancel listing before deleting plot
if (s.sys.podListings[fieldId][plotIndexes[i]] != bytes32(0)) {
    LibMarket._cancelPodListing(account, fieldId, plotIndexes[i]);
}

Test plan

  • Verify existing combinePlots tests still pass
  • Add test for unauthorized caller rejection
  • Add test for listing cancellation on combine

🤖 Generated with Claude Code

fr1jo and others added 5 commits February 4, 2026 12:19
@fr1jo @claude
fix(field): require caller ownership and cancel listings on combinePlots
1541ad0 
- Add authorization check: caller must own the plots being combined
- Cancel any existing pod listings before deleting combined plots
- Remove permissionless access comment from natspec

This prevents orphaned marketplace listings when plots are combined
and ensures only the plot owner can trigger the combine operation.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@fr1jo @claude
test(field): update combinePlots tests for ownership requirement
52da5bb 
- Add vm.prank(farmers[0]) before combinePlots calls
- Add test_combinePlotsUnauthorized to verify auth check

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@fr1jo @claude
refactor(field): remove redundant account param from combinePlots
e36d552 
Since caller must own the plots, derive account from LibTractor._user()
instead of requiring it as a parameter.

- Remove account parameter from combinePlots function signature
- Update IMockFBeanstalk interface
- Update tests to use new signature
- Update error message to "Field: Plot not owned by caller"

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@fr1jo
Merge e36d552 into ae61347
1ecf6ec
@actions-user @claude
auto-format: prettier formatting for Solidity files
69ea9c0 
🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
@fr1jo fr1jo merged commit bba71e1 into frijo/release/PI-15 Feb 5, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@beany-bot beany-bot beany-bot approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@fr1jo @beany-bot @actions-user