From 4b53e546a340680c4adc4cc66ce6a9ad8f4d0e54 Mon Sep 17 00:00:00 2001
From: Patrick Schork <354473+pschork@users.noreply.github.com>
Date: Fri, 25 Oct 2024 13:49:11 -0700
Subject: [PATCH] Adds fallback allowlist lookup of authenticated address This
 mitigates a recent incident where allowlist contained a non-checksummed
 address for LayerN, but LayerN requests contained a checksummed address
 resulting in failed rateConfig lookup.

---
 disperser/apiserver/server.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/disperser/apiserver/server.go b/disperser/apiserver/server.go
index e99a9ef53..578cf5622 100644
--- a/disperser/apiserver/server.go
+++ b/disperser/apiserver/server.go
@@ -326,6 +326,15 @@ func (s *DispersalServer) getAccountRate(origin, authenticatedAddress string, qu
 	// Check if the address is in the allowlist
 	if len(authenticatedAddress) > 0 {
 		quorumRates, ok := s.rateConfig.Allowlist[authenticatedAddress]
+		if !ok {
+			// check fallback address (non-checksummed)
+			fallbackAuthenticatedAddress := strings.ToLower(authenticatedAddress)
+			quorumRates, ok = s.rateConfig.Allowlist[fallbackAuthenticatedAddress]
+			if ok {
+				s.logger.Warn("authenticated address found via fallback lookup", "authenticatedAddress", authenticatedAddress, "fallback", fallbackAuthenticatedAddress)
+				authenticatedAddress = fallbackAuthenticatedAddress
+			}
+		}
 		if ok {
 			rateInfo, ok := quorumRates[quorumID]
 			if ok {
@@ -339,7 +348,10 @@ func (s *DispersalServer) getAccountRate(origin, authenticatedAddress string, qu
 				rates.Name = rateInfo.Name
 				return rates, key, nil
 			}
+		} else {
+			s.logger.Warn("authenticated address not found in allowlist", "authenticatedAddress", authenticatedAddress)
 		}
+
 	}
 
 	// Check if the origin is in the allowlist