From 750b422ca3609c067078ff0bc69f1c2b9f132be8 Mon Sep 17 00:00:00 2001
From: Shunkichi Sato <49983831+s8sato@users.noreply.github.com>
Date: Mon, 4 Nov 2024 15:47:55 +0900
Subject: [PATCH] fix: don't just execute arbitrary approved instructions

Signed-off-by: Shunkichi Sato <49983831+s8sato@users.noreply.github.com>
---
 .../default_executor/src/multisig/transaction.rs | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/wasm/libs/default_executor/src/multisig/transaction.rs b/wasm/libs/default_executor/src/multisig/transaction.rs
index d4e3d5f3b99..51bbe47a51b 100644
--- a/wasm/libs/default_executor/src/multisig/transaction.rs
+++ b/wasm/libs/default_executor/src/multisig/transaction.rs
@@ -240,16 +240,12 @@ impl VisitExecute for MultisigApprove {
             .dbg_unwrap();
 
             if !is_expired {
-                // Execute instructions proposal which collected enough approvals
-                for isi in instructions {
-                    match isi {
-                        InstructionBox::Custom(instruction) => {
-                            let mut executor = executor.clone();
-                            executor.context_mut().authority = target_account.clone();
-                            visit_custom(&mut executor, &instruction)
-                        }
-                        builtin => host.submit(&builtin).dbg_unwrap(),
-                    }
+                // Validate and execute the authenticated multisig transaction
+                for instruction in instructions {
+                    // Create an instance per instruction to reset the context mutation
+                    let mut executor = executor.clone();
+                    executor.context_mut().authority = target_account.clone();
+                    executor.visit_instruction(&instruction)
                 }
             } else {
                 // TODO Notify that the proposal has expired, while returning Ok for the entry deletion to take effect