z0_filetest.gno
1// PKGPATH: gno.land/r/test/exploit
2package exploit
3
4import (
5 "gno.land/r/gov/dao/v3/memberstore"
6)
7
// main is the filetest entry point. It runs as the external realm
// gno.land/r/test/exploit and prints tier data obtained only through
// memberstore's exported read accessors.
//
// Scope: only the read path is exercised here. The guarantee that an external
// realm cannot write to the tier store comes from the identifier being
// unexported, which is enforced when the package is type-checked, not by
// anything this function executes. A companion negative filetest that
// references the unexported name and expects the resulting error would pin
// that guarantee directly.
func main() {
	// Since the fix, memberstore.Tiers is unexported (lowercase 'tiers').
	// The read accessors left for external realms are:
	//   - memberstore.GetTier(name)                 read-only tier access
	//   - memberstore.IterateTiers(fn)              read-only iteration
	//   - memberstore.GetTierPower(name, members)   calculated power (not called here)

	// Read path 1: look up a single tier by name.
	// NOTE(review): whether GetTier returns a copy or a reference into stored
	// state is not visible from this file. Confirm the returned value cannot
	// be used to alter the stored tier.
	tier3, found := memberstore.GetTier(memberstore.T3)
	if !found {
		panic("T3 tier not found")
	}
	println("T3 BasePower (read-only):", tier3.BasePower)
	println("T3 InvitationPoints (read-only):", tier3.InvitationPoints)

	// Write path (intentionally left commented out; it must not compile):
	//   memberstore.Tiers.Set(...) // ERROR: Tiers is not exported (lowercase)

	// Read path 2: walk every tier. The callback takes memberstore.Tier by
	// value per its signature. Returning false does not stop the walk: the
	// expected output lists T1, T2 and T3.
	printTier := func(tierName string, t memberstore.Tier) bool {
		println(" -", tierName, "BasePower:", t.BasePower)
		return false
	}
	println("All tiers:")
	memberstore.IterateTiers(printTier)

	println("Security fix verified: external realms cannot modify tiers")
}
35
36// Output:
37// T3 BasePower (read-only): 1
38// T3 InvitationPoints (read-only): 1
39// All tiers:
40// - T1 BasePower: 3
41// - T2 BasePower: 2
42// - T3 BasePower: 1
43// Security fix verified: external realms cannot modify tiers