Audit-5: validate meta data of PNA

bridges/snowbridge/pallets/system/src/lib.rs

@@ -249,6 +249,7 @@ pub mod pallet {
 		InvalidTokenTransferFees,
 		InvalidPricingParameters,
 		InvalidUpgradeParameters,
+		InvalidMetadata,
 	}
 
 	/// The set of registered agents
@@ -624,6 +625,7 @@ pub mod pallet {
 			metadata: AssetMetadata,
 		) -> DispatchResultWithPostInfo {
 			ensure_root(origin)?;
+			ensure!(metadata.validate(), Error::<T>::InvalidMetadata);
 
 			let location: Location =
 				(*location).try_into().map_err(|_| Error::<T>::UnsupportedLocationVersion)?;

bridges/snowbridge/pallets/system/src/mock.rs

@@ -5,14 +5,14 @@ use frame_support::{
 	derive_impl, parameter_types,
 	traits::{tokens::fungible::Mutate, ConstU128, ConstU8},
 	weights::IdentityFee,
-	PalletId,
+	BoundedVec, PalletId,
 };
 use sp_core::H256;
 use xcm_executor::traits::ConvertLocation;
 
 use snowbridge_core::{
 	gwei, meth, outbound::ConstantGasMeter, sibling_sovereign_account, AgentId, AllowSiblingsOnly,
-	ParaId, PricingParameters, Rewards,
+	AssetMetadata, ParaId, PricingParameters, Rewards,
 };
 use sp_runtime::{
 	traits::{AccountIdConversion, BlakeTwo256, IdentityLookup, Keccak256},
@@ -253,3 +253,11 @@ pub fn make_agent_id(location: Location) -> AgentId {
 	<Test as snowbridge_system::Config>::AgentIdOf::convert_location(&location)
 		.expect("convert location")
 }
+
+pub fn mock_asset_meta() -> AssetMetadata {
+	AssetMetadata {
+		name: BoundedVec::try_from("SDOT".as_bytes().to_vec()).unwrap(),
+		symbol: BoundedVec::try_from("SDOT".as_bytes().to_vec()).unwrap(),
+		decimals: 10,
+	}
+}

bridges/snowbridge/pallets/system/src/tests.rs

@@ -709,7 +709,7 @@ fn register_all_tokens_succeeds() {
 			assert_ok!(EthereumSystem::register_token(
 				origin,
 				Box::new(versioned_location),
-				Default::default()
+				mock_asset_meta()
 			));
 
 			assert_eq!(NativeToForeignId::<Test>::get(tc.reanchored.clone()), Some(tc.foreign));
@@ -739,7 +739,7 @@ fn register_ethereum_native_token_fails() {
 		);
 		let versioned_location: Box<VersionedLocation> = Box::new(location.clone().into());
 		assert_noop!(
-			EthereumSystem::register_token(origin, versioned_location, Default::default()),
+			EthereumSystem::register_token(origin, versioned_location, mock_asset_meta()),
 			Error::<Test>::LocationConversionFailed
 		);
 	});

bridges/snowbridge/primitives/core/src/lib.rs

@@ -159,6 +159,12 @@ pub struct AssetMetadata {
 	pub decimals: u8,
 }
 
+impl AssetMetadata {
+	pub fn validate(&self) -> bool {
+		self.decimals > 0 && self.name.len() > 0 && self.symbol.len() > 0
+	}
+}
+
 #[cfg(any(test, feature = "std", feature = "runtime-benchmarks"))]
 impl Default for AssetMetadata {
 	fn default() -> Self {