From 859e8d90e2e1ca19f633b6a62ecef887608f6f79 Mon Sep 17 00:00:00 2001
From: Kian Paimani <5588131+kianenigma@users.noreply.github.com>
Date: Fri, 10 Jan 2025 18:19:47 +0000
Subject: [PATCH] Disallow sub identity tweaking with NonTransfer proxy (#518)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

as it can cause free balance to be repatriated from the proxied account
without consent.

---------

Co-authored-by: Bastian Köcher <git@kchr.de>
Co-authored-by: Dónal Murray <donalm@seadanda.dev>
---
 CHANGELOG.md                                        | 4 ++++
 system-parachains/people/people-kusama/src/lib.rs   | 6 +++++-
 system-parachains/people/people-polkadot/src/lib.rs | 6 +++++-
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index efc2200872..2ece124d38 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Fix missing Encointer democracy pallet hook needed for enactment ([polkadot-fellows/runtimes/pull/508](https://github.com/polkadot-fellows/runtimes/pull/508))
 - Improve benchmark configuration: fix storage whitelist in benchmarks ([polkadot-fellows/runtimes/pull/525](https://github.com/polkadot-fellows/runtimes/pull/525))
 
+### Fixed
+
+- Disallow `add_sub` and `set_subs` from `NonTransfer` proxy type in people chain runtimes ([polkadot-fellows/runtimes#518](https://github.com/polkadot-fellows/runtimes/pull/518))
+
 ### Added
 
 - Location conversion tests for relays and parachains ([polkadot-fellows/runtimes#487](https://github.com/polkadot-fellows/runtimes/pull/487))
diff --git a/system-parachains/people/people-kusama/src/lib.rs b/system-parachains/people/people-kusama/src/lib.rs
index a7030d67d5..abb6f2c213 100644
--- a/system-parachains/people/people-kusama/src/lib.rs
+++ b/system-parachains/people/people-kusama/src/lib.rs
@@ -492,7 +492,11 @@ impl InstanceFilter<RuntimeCall> for ProxyType {
 				c,
 				RuntimeCall::Balances { .. } |
 				// `request_judgement` puts up a deposit to transfer to a registrar
-				RuntimeCall::Identity(pallet_identity::Call::request_judgement { .. })
+				RuntimeCall::Identity(pallet_identity::Call::request_judgement { .. }) |
+				// `set_subs` and `add_sub` will take and repatriate deposits from the proxied
+				// account, should not be allowed.
+				RuntimeCall::Identity(pallet_identity::Call::add_sub { .. }) |
+				RuntimeCall::Identity(pallet_identity::Call::set_subs { .. })
 			),
 			ProxyType::CancelProxy => matches!(
 				c,
diff --git a/system-parachains/people/people-polkadot/src/lib.rs b/system-parachains/people/people-polkadot/src/lib.rs
index 31abacce2b..2274aa3d70 100644
--- a/system-parachains/people/people-polkadot/src/lib.rs
+++ b/system-parachains/people/people-polkadot/src/lib.rs
@@ -456,7 +456,11 @@ impl InstanceFilter<RuntimeCall> for ProxyType {
 				c,
 				RuntimeCall::Balances { .. } |
 				// `request_judgement` puts up a deposit to transfer to a registrar
-				RuntimeCall::Identity(pallet_identity::Call::request_judgement { .. })
+				RuntimeCall::Identity(pallet_identity::Call::request_judgement { .. }) |
+				// `set_subs` and `add_sub` will take and repatriate deposits from the proxied
+				// account, should not be allowed.
+				RuntimeCall::Identity(pallet_identity::Call::add_sub { .. }) |
+				RuntimeCall::Identity(pallet_identity::Call::set_subs { .. })
 			),
 			ProxyType::CancelProxy => matches!(
 				c,