Skip to content

Audit: Remove UtxoOwner keys after spending#317

Merged
justinfrevert merged 5 commits into
mainfrom
byap/utxoowners
Feb 23, 2026
Merged

Audit: Remove UtxoOwner keys after spending#317
justinfrevert merged 5 commits into
mainfrom
byap/utxoowners

Conversation

@b-yap

@b-yap b-yap commented Dec 2, 2025
edited
Loading

Copy link
Copy Markdown
Contributor

Overview

For https://shielded.atlassian.net/browse/PM-19770
The take method removes the key from storage, if found.

🗹 TODO before merging

  • Ready

📌 Submission Checklist

  • Changes are backward-compatible (or flagged if breaking)
  • Pull request description explains why the change is needed
  • Self-reviewed the diff
  • I have included a change file, or skipped for this reason:
  • If the changes introduce a new feature, I have bumped the node minor version
  • Update documentation (if relevant)
  • No new todos introduced

🧪 Testing Evidence

Please describe any additional testing aside from CI:

  • Additional tests are provided (if possible)

🔱 Fork Strategy

  • Node Runtime Update
  • Node Client Update
  • Other:
  • N/A

Links

@b-yap b-yap mentioned this pull request Dec 2, 2025
Closed
13 tasks
@github-actions

github-actions Bot commented Dec 2, 2025
edited
Loading

Copy link
Copy Markdown
Contributor

Logo
Checkmarx One – Scan Summary & Details07a155bc-0976-4adc-b84b-6e58e26615f6

Great job! No new security vulnerabilities introduced in this pull request

@b-yap b-yap marked this pull request as ready for review December 2, 2025 13:35
@b-yap b-yap requested a review from a team as a code owner December 2, 2025 13:35
ozgb
ozgb previously approved these changes Dec 2, 2025
View reviewed changes

@ozgb ozgb left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, LGTM

@m2ux m2ux self-assigned this Dec 12, 2025
@m2ux

m2ux commented Dec 12, 2025

Copy link
Copy Markdown
Contributor

Fix looked incomplete. Please re-review.

@m2ux m2ux requested a review from ozgb December 12, 2025 11:25
b-yap and others added 3 commits December 12, 2025 15:16
@b-yap @m2ux
use take instead of get in handle_spend function
4360a56 
Signed-off-by: B. Yap <2826165+b-yap@users.noreply.github.com>
@b-yap @m2ux
add changes file
d9dc699 
Signed-off-by: B. Yap <2826165+b-yap@users.noreply.github.com>
@m2ux
use take instead of get in handle_redemption_spend function
29f98ab 
This completes the audit fix PM-19770 by also removing the UtxoOwners key
after spending in handle_redemption_spend, matching the fix already applied
to handle_spend.
@m2ux m2ux removed their assignment Dec 12, 2025
@CLAassistant

CLAassistant commented Feb 5, 2026
edited
Loading

Copy link
Copy Markdown

CLA assistant check
All committers have signed the CLA.

@github-actions

github-actions Bot commented Feb 23, 2026

Copy link
Copy Markdown
Contributor

kics-logo

KICS version: v2.1.16

Category Results
CRITICAL CRITICAL 0
HIGH HIGH 0
MEDIUM MEDIUM 96
LOW LOW 12
INFO INFO 83
TRACE TRACE 0
TOTAL TOTAL 191
Metric Values
Files scanned placeholder 31
Files parsed placeholder 31
Files failed to scan placeholder 0
Total executed queries placeholder 73
Queries failed to execute placeholder 0
Execution time placeholder 9

@justinfrevert justinfrevert added this pull request to the merge queue Feb 23, 2026
Merged via the queue into main with commit 4503b89 Feb 23, 2026
38 of 39 checks passed
@justinfrevert justinfrevert deleted the byap/utxoowners branch February 23, 2026 21:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@justinfrevert justinfrevert justinfrevert approved these changes

@ozgb ozgb Awaiting requested review from ozgb

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@b-yap @m2ux @CLAassistant @ozgb @justinfrevert