@@ -241,6 +241,42 @@ mod tests {
241241 contract. submit_beacon_chain_light_client_update ( updates[ 1 ] . clone ( ) ) ;
242242 }
243243
244+ #[ test]
245+ #[ should_panic( expected = "Relayer is not active" ) ]
246+ pub fn test_panic_on_submit_light_client_update_without_trusted_relayer_role ( ) {
247+ // accounts(1) does NOT have the UnrestrictedSubmitLightClientUpdate
248+ // bypass role, so the trusted_relayer guard must reject the call.
249+ let unauthorized = accounts ( 1 ) ;
250+ let TestContext {
251+ mut contract,
252+ headers : _,
253+ updates,
254+ } = get_test_context ( None ) ;
255+ set_env ! ( prepaid_gas: Gas :: from_tgas( 1_000_000 ) , predecessor_account_id: unauthorized) ;
256+ contract. submit_beacon_chain_light_client_update ( updates[ 1 ] . clone ( ) ) ;
257+ }
258+
259+ #[ test]
260+ #[ should_panic( expected = "Relayer is not active" ) ]
261+ pub fn test_panic_on_submit_execution_header_without_trusted_relayer_role ( ) {
262+ // First, advance the contract into SubmitHeader mode via an authorized
263+ // submitter (accounts(0) which has bypass roles), then attempt to call
264+ // submit_execution_header from an unauthorized account (accounts(1)).
265+ let submitter = accounts ( 0 ) ;
266+ let unauthorized = accounts ( 1 ) ;
267+ let TestContext {
268+ mut contract,
269+ headers,
270+ updates,
271+ } = get_test_context ( None ) ;
272+ set_env ! ( prepaid_gas: Gas :: from_tgas( 1_000_000 ) , predecessor_account_id: submitter) ;
273+ contract. submit_beacon_chain_light_client_update ( updates[ 1 ] . clone ( ) ) ;
274+
275+ // Now switch to the unauthorized caller
276+ set_env ! ( prepaid_gas: Gas :: from_tgas( 1_000_000 ) , predecessor_account_id: unauthorized) ;
277+ contract. submit_execution_header ( headers[ 0 ] . last ( ) . unwrap ( ) . clone ( ) ) ;
278+ }
279+
244280 #[ test]
245281 #[ should_panic( expected = "Invalid finality proof" ) ]
246282 pub fn test_panic_on_invalid_finality_proof ( ) {
0 commit comments