fix: Add runtime caller validation for change_beneficiary (#761)

* Add runtime caller validation for change_beneficiary
* Miner tests: expect_validate_caller_any for calls to change_beneficiary
* Test VM fix: Fail if caller isn't validated

Co-authored-by: Aayush <arajasek94@gmail.com>
Co-authored-by: zenground0 <ZenGround0@users.noreply.github.com>

Author: 3 people

actors/miner/src/lib.rs

@@ -3297,6 +3297,7 @@ impl Actor {
         BS: Blockstore,
         RT: Runtime<BS>,
     {
+        rt.validate_immediate_caller_accept_any()?;
         let caller = rt.message().caller();
         let new_beneficiary =
             Address::new_id(rt.resolve_address(&params.new_beneficiary).ok_or_else(|| {

actors/miner/tests/util.rs

@@ -2266,10 +2266,12 @@ impl ActorHarness {
             new_expiration: beneficiary_term.expiration,
         };
         let raw_bytes = &RawBytes::serialize(param).unwrap();
+        rt.expect_validate_caller_any();
         rt.call::<Actor>(Method::ChangeBeneficiary as u64, raw_bytes)?;
         rt.verify();
 
         rt.set_caller(*ACCOUNT_ACTOR_CODE_ID, beneficiary_id_addr);
+        rt.expect_validate_caller_any();
         rt.call::<Actor>(Method::ChangeBeneficiary as u64, raw_bytes)?;
         rt.verify();
 
@@ -2284,6 +2286,7 @@ impl ActorHarness {
         beneficiary_change: &BeneficiaryChange,
         expect_beneficiary_addr: Option<Address>,
     ) -> Result<RawBytes, ActorError> {
+        rt.expect_validate_caller_any();
         rt.set_address_actor_type(
             beneficiary_change.beneficiary_addr.clone(),
             *ACCOUNT_ACTOR_CODE_ID,

test_vm/src/lib.rs

@@ -14,6 +14,7 @@ use fil_actor_power::{Actor as PowerActor, Method as MethodPower, State as Power
 use fil_actor_reward::{Actor as RewardActor, State as RewardState};
 use fil_actor_system::{Actor as SystemActor, State as SystemState};
 use fil_actor_verifreg::{Actor as VerifregActor, State as VerifRegState};
+use fil_actors_runtime::actor_error;
 use fil_actors_runtime::cbor::serialize;
 use fil_actors_runtime::runtime::builtins::Type;
 use fil_actors_runtime::runtime::{
@@ -671,7 +672,8 @@ impl<'invocation, 'bs> InvocationCtx<'invocation, 'bs> {
         // call target actor
         let to_actor = self.v.get_actor(to_addr).unwrap();
         let params = self.msg.params.clone();
-        let res = match ACTOR_TYPES.get(&to_actor.code).expect("Target actor is not a builtin") {
+        let mut res = match ACTOR_TYPES.get(&to_actor.code).expect("Target actor is not a builtin")
+        {
             Type::Account => AccountActor::invoke_method(self, self.msg.method, &params),
             Type::Cron => CronActor::invoke_method(self, self.msg.method, &params),
             Type::Init => InitActor::invoke_method(self, self.msg.method, &params),
@@ -686,9 +688,13 @@ impl<'invocation, 'bs> InvocationCtx<'invocation, 'bs> {
             // Type::EVM => panic!("no EVM"),
             Type::DataCap => DataCapActor::invoke_method(self, self.msg.method, &params),
         };
+        if res.is_ok() && !self.caller_validated {
+            res = Err(actor_error!(assertion_failed, "failed to validate caller"));
+        }
         if res.is_err() {
             self.v.rollback(prior_root)
         };
+
         res
     }
 }
@@ -754,6 +760,7 @@ impl<'invocation, 'bs> Runtime<&'bs MemoryBlockstore> for InvocationCtx<'invocat
                 "caller double validated".to_string(),
             ));
         }
+        self.caller_validated = true;
         for addr in addresses {
             if *addr == self.msg.from {
                 return Ok(());
@@ -775,6 +782,7 @@ impl<'invocation, 'bs> Runtime<&'bs MemoryBlockstore> for InvocationCtx<'invocat
                 "caller double validated".to_string(),
             ));
         }
+        self.caller_validated = true;
         let to_match = ACTOR_TYPES.get(&self.v.get_actor(self.msg.from).unwrap().code).unwrap();
         if types.into_iter().any(|t| *t == *to_match) {
             return Ok(());