chore(erc20-bridge): protect wallet balance read #1152

Merged
MicBun merged 1 commit into main from chore/protect-balance-read
Sep 11, 2025
@williamrusdyputra williamrusdyputra commented Sep 11, 2025

Related Problem

resolves: https://github.com/trufnetwork/truf-network/issues/1186

How Has This Been Tested?

Screenshot 2025-09-11 at 16 25 05

Summary by CodeRabbit

  • New Features
    • Added runtime permission checks for ERC20 bridge actions across supported networks.
    • Wallet balance reads and admin token operations now require appropriate access; unauthorized requests are blocked.
    • Improved, user-friendly error messages when permissions are insufficient.
    • No behavioral changes for authorized users; existing functionality continues as before.

coderabbitai bot commented Sep 11, 2025

Caution

Review failed

The pull request is closed.

Walkthrough

Introduces runtime role checks for ERC20 bridge SQL actions. Normalizes caller to lowercase and verifies membership in system:erc20_bridge_writer before allowing wallet balance reads and admin actions (lock, unlock, issue) for Sepolia and Mainnet. On failure, raises specific error messages; on success, delegates to existing bridge procedures.

Changes

| Cohort / File(s) | Summary |
|---|---|
| ERC20 bridge actions access control: internal/migrations/erc20-bridge/001-actions.sql | Added are_members_of('system','erc20_bridge_writer', ARRAY[lower(caller)]) checks gating wallet_balance and admin actions (lock/unlock/issue) for Sepolia/Mainnet; standardized lowercase caller handling; introduced specific error messages per action; preserved NUMERIC(78,0) amount handling and delegation to existing bridge functions. |

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant C as Caller
  participant A as ERC20 Bridge Action
  participant AC as Permission Check
  participant SB as Sepolia Bridge
  participant MB as Mainnet Bridge

  C->>A: invoke action (wallet_balance / lock / unlock / issue)
  A->>AC: lower(caller) and are_members_of('system','erc20_bridge_writer', [caller])
  alt Not a member
    AC-->>A: deny
    A-->>C: raise error (action-specific message)
  else Is member
    AC-->>A: allow
    alt Network = SEPOLIA
      A->>SB: call balance / lock_admin / unlock / issue
      SB-->>A: result
    else Network = MAINNET
      A->>MB: call balance / lock_admin / unlock / issue
      MB-->>A: result
    end
    A-->>C: return result
  end

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

  • MicBun

Poem

I twitch my whiskers, guard the gate,
Keys in paw decide the fate.
Writers only, hop on through—
Sepolia, Mainnet, checked for you.
Lock, unlock, and issue true,
With role in paw, permissions due.
(_/)>✅

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b4e0995 and cf0ebec.

📒 Files selected for processing (1)
  • internal/migrations/erc20-bridge/001-actions.sql (2 hunks)
holdex bot commented Sep 11, 2025

Time Submission Status

| Member | Status | Time | Action | Last Update |
|---|---|---|---|---|
| williamrusdyputra | ✅ Submitted | 20min | Update time | Sep 11, 2025, 9:27 AM |
| MicBun | ✅ Submitted | 20min | Update time | Sep 11, 2025, 10:51 PM |

@MicBun MicBun left a comment

lgtm

@MicBun MicBun merged commit 4b50e63 into main Sep 11, 2025
4 of 6 checks passed
@MicBun MicBun deleted the chore/protect-balance-read branch September 11, 2025 09:27
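
The gate described in the CodeRabbit walkthrough above (lowercase the caller, check membership in system:erc20_bridge_writer, raise on failure, otherwise delegate), modelled in Python as an added example; it is not the project's SQL. The RoleStore class, the gated wrapper, the error text, and the sample addresses and balances are all constructed for illustration, and the store is assumed to hold lowercase addresses and compare them exactly.

```python
"""Model of a role-gated bridge action: normalize caller, check role, then delegate."""

BRIDGE_ROLE = ("system", "erc20_bridge_writer")  # owner and role named in the walkthrough


class PermissionDenied(Exception):
    """Raised before any bridge call when the caller lacks the role."""


class RoleStore:
    """Hypothetical in-memory role table; members are stored lowercase."""

    def __init__(self):
        self._members = {}

    def grant(self, owner, role, wallet):
        self._members.setdefault((owner, role), set()).add(wallet.lower())

    def are_members_of(self, owner, role, wallets):
        # Exact string match per wallet: a mixed-case address does not match.
        members = self._members.get((owner, role), set())
        return [w in members for w in wallets]


def gated(roles, bridge_fn, denied_message):
    """Wrap bridge_fn so it only runs for members of BRIDGE_ROLE."""
    def action(caller, *args):
        caller = caller.lower()  # normalize before the membership lookup
        if not all(roles.are_members_of(*BRIDGE_ROLE, [caller])):
            raise PermissionDenied(denied_message)  # fail closed, no delegation
        return bridge_fn(*args)
    return action


# Constructed sample data: addresses and balances are made up for the example.
WRITER = "0xAbCdEf0000000000000000000000000000000001"
OUTSIDER = "0x9999990000000000000000000000000000000002"
BALANCES = {"0x1111110000000000000000000000000000000003": 10**30}
calls = []  # records every wallet lookup that reaches the bridge


def sepolia_balance(wallet):
    calls.append(wallet)
    return BALANCES.get(wallet.lower(), 0)


roles = RoleStore()
roles.grant(*BRIDGE_ROLE, WRITER)
wallet_balance = gated(roles, sepolia_balance, "caller lacks erc20_bridge_writer role")
```

In this model, skipping the lower() call would make a checksummed (mixed-case) writer address fail the lookup even though the role was granted, which is why normalization sits before the check rather than after it.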