From 1bfaefb240d08eb0a8a5d6743d529604383f6e43 Mon Sep 17 00:00:00 2001 From: fragosti Date: Fri, 21 Sep 2018 16:24:45 +0200 Subject: Add order provider response validation --- packages/asset-buyer/src/asset_buyer.ts | 4 ++++ packages/asset-buyer/src/types.ts | 1 + .../asset-buyer/src/utils/order_provider_response_processor.ts | 10 ++++++++++ 3 files changed, 15 insertions(+) diff --git a/packages/asset-buyer/src/asset_buyer.ts b/packages/asset-buyer/src/asset_buyer.ts index 9774a8d39..03f9b5a2b 100644 --- a/packages/asset-buyer/src/asset_buyer.ts +++ b/packages/asset-buyer/src/asset_buyer.ts @@ -269,6 +269,10 @@ export class AssetBuyer { const [targetOrderProviderResponse, feeOrderProviderResponse] = await Promise.all( _.map(requests, async request => this.orderProvider.getOrdersAsync(request)), ); + // since the order provider is an injected dependency, validate that it respects the API + // ie. it should only return maker/taker assetDatas that are specified + orderProviderResponseProcessor.throwIfInvalidResponse(targetOrderProviderResponse, targetOrderProviderRequest); + orderProviderResponseProcessor.throwIfInvalidResponse(feeOrderProviderResponse, feeOrderProviderRequest); // process the responses into one object const ordersAndFillableAmounts = await orderProviderResponseProcessor.processAsync( targetOrderProviderResponse, diff --git a/packages/asset-buyer/src/types.ts b/packages/asset-buyer/src/types.ts index 5df8e632a..ee6858525 100644 --- a/packages/asset-buyer/src/types.ts +++ b/packages/asset-buyer/src/types.ts @@ -68,6 +68,7 @@ export enum AssetBuyerError { InsufficientAssetLiquidity = 'INSUFFICIENT_ASSET_LIQUIDITY', InsufficientZrxLiquidity = 'INSUFFICIENT_ZRX_LIQUIDITY', NoAddressAvailable = 'NO_ADDRESS_AVAILABLE', + InvalidOrderProviderResponse = 'INVALID_ORDER_PROVIDER_RESPONSE', } /** diff --git a/packages/asset-buyer/src/utils/order_provider_response_processor.ts b/packages/asset-buyer/src/utils/order_provider_response_processor.ts index 79e15c3d8..2f3208a55 100644 --- a/packages/asset-buyer/src/utils/order_provider_response_processor.ts +++ b/packages/asset-buyer/src/utils/order_provider_response_processor.ts @@ -7,7 +7,9 @@ import * as _ from 'lodash'; import { constants } from '../constants'; import { + AssetBuyerError, AssetBuyerOrdersAndFillableAmounts, + OrderProviderRequest, OrderProviderResponse, SignedOrderWithRemainingFillableMakerAssetAmount, } from '../types'; @@ -20,6 +22,14 @@ interface OrdersAndRemainingFillableMakerAssetAmounts { } export const orderProviderResponseProcessor = { + throwIfInvalidResponse(response: OrderProviderResponse, request: OrderProviderRequest): void { + const { makerAssetData, takerAssetData } = request; + _.forEach(response.orders, order => { + if (order.makerAssetData !== makerAssetData || order.takerAssetData !== takerAssetData) { + throw new Error(AssetBuyerError.InvalidOrderProviderResponse); + } + }); + }, /** * Take the responses for the target orders to buy and fee orders and process them. * Processing includes: -- cgit v1.2.3