Merge pull request #3744 from autonomys/restrict_zero_account_transfers

vedhavyas · web-flow · commit 78ba4ad2faaf · 2026-01-30T10:19:48.000Z
ensure dst_location does not allow xdm transfers to zero account on substrate as well
diff --git a/domains/pallets/transporter/src/lib.rs b/domains/pallets/transporter/src/lib.rs
@@ -49,6 +49,7 @@ pub use weights::WeightInfo;
 /// Zero EVM address.
 /// Used to ensure dst_account is not ZERO address.
 const ZERO_EVM_ADDRESS: MultiAccountId = MultiAccountId::AccountId20([0; 20]);
+const ZERO_SUBSTRATE_ADDRESS: MultiAccountId = MultiAccountId::AccountId32([0; 32]);
 
 /// Location that either sends or receives transfers between chains.
 #[derive(Debug, Encode, Decode, Clone, Eq, PartialEq, TypeInfo, DecodeWithMemTracking)]
@@ -83,7 +84,7 @@ mod pallet {
     use crate::weights::WeightInfo;
     use crate::{
         BalanceOf, Location, MessageIdOf, MultiAccountId, Transfer, TryConvertBack,
-        ZERO_EVM_ADDRESS,
+        ZERO_EVM_ADDRESS, ZERO_SUBSTRATE_ADDRESS,
     };
     #[cfg(not(feature = "std"))]
     use alloc::vec::Vec;
@@ -265,6 +266,11 @@ mod pallet {
                 Error::<T>::InvalidAccountId
             );
 
+            ensure!(
+                dst_location.account_id != ZERO_SUBSTRATE_ADDRESS,
+                Error::<T>::InvalidAccountId
+            );
+
             // burn transfer amount
             let _imbalance = T::Currency::withdraw(
                 &sender,
diff --git a/domains/pallets/transporter/src/tests.rs b/domains/pallets/transporter/src/tests.rs
@@ -195,6 +195,23 @@ fn test_transfer_invalid_account_id() {
     })
 }
 
+#[test]
+fn test_transfer_invalid_account_id_substrate() {
+    new_test_ext().execute_with(|| {
+        let account = USER_ACCOUNT;
+        let amount: Balance = 500;
+        // transfer 500 to dst_chain id 1
+        let dst_chain_id: ChainId = 1.into();
+        let dst_location = Location {
+            chain_id: dst_chain_id,
+            account_id: MultiAccountId::AccountId32([0; 32]),
+        };
+
+        let res = Transporter::transfer(RuntimeOrigin::signed(account), dst_location, amount);
+        assert_err!(res, Error::<MockRuntime>::InvalidAccountId)
+    })
+}
+
 #[test]
 fn test_transfer_response_revert() {
     new_test_ext().execute_with(|| {
