* added test for receiving tempered certificate

* check certificate order signature before receive_object

fastpay_core/src/client.rs

@@ -791,21 +791,20 @@ where
             account: self.address,
         };
         // Sequentially try each authority in random order.
-        let mut authorities: Vec<AuthorityName> =
-            self.authority_clients.clone().into_keys().collect();
+        let mut authorities: Vec<&AuthorityName> = self.authority_clients.keys().collect();
         // TODO: implement sampling according to stake distribution and using secure RNG. https://github.com/MystenLabs/fastnft/issues/128
         authorities.shuffle(&mut rand::thread_rng());
         // Authority could be byzantine, add timeout to avoid waiting forever.
         for authority_name in authorities {
-            let authority = self.authority_clients.get(&authority_name).unwrap();
+            let authority = self.authority_clients.get(authority_name).unwrap();
             let result = timeout(
                 AUTHORITY_REQUEST_TIMEOUT,
                 authority.handle_account_info_request(request.clone()),
             )
             .map_err(|_| FastPayError::ErrorWhileRequestingInformation)
             .await?;
             if let Ok(AccountInfoResponse { object_ids, .. }) = &result {
-                return Ok((authority_name, object_ids.clone()));
+                return Ok((*authority_name, object_ids.clone()));
             }
         }
         Err(FastPayError::ErrorWhileRequestingInformation)
@@ -1040,6 +1039,7 @@ where
     }
 
     async fn receive_object(&mut self, certificate: &CertifiedOrder) -> Result<(), anyhow::Error> {
+        certificate.check(&self.committee)?;
         match &certificate.order.kind {
             OrderKind::Transfer(transfer) => {
                 fp_ensure!(

fastpay_core/src/unit_tests/client_tests.rs

@@ -1660,5 +1660,34 @@ async fn test_receive_object_error() -> Result<(), anyhow::Error> {
         Some(FastPayError::IncorrectRecipientError)
     ));
 
+    // Test 2: Receive tempered certificate order.
+    let (transfer, sig) = match certificate.order {
+        Order {
+            kind: OrderKind::Transfer(t),
+            signature,
+        } => Some((t, signature)),
+        _ => None,
+    }
+    .unwrap();
+
+    let malformed_order = CertifiedOrder {
+        order: Order {
+            kind: OrderKind::Transfer(Transfer {
+                sender: client1.address,
+                recipient: Address::FastPay(client2.address),
+                object_ref: transfer.object_ref,
+                gas_payment: transfer.gas_payment,
+            }),
+            signature: sig,
+        },
+        signatures: certificate.signatures,
+    };
+
+    let result = client2.receive_object(&malformed_order).await;
+    assert!(matches!(
+        result.unwrap_err().downcast_ref(),
+        Some(FastPayError::InvalidSignature { .. })
+    ));
+
     Ok(())
 }