From 3243e631b5972de120419b38ba0f75a957d10121 Mon Sep 17 00:00:00 2001
From: Branislav Kontur <bkontur@gmail.com>
Date: Tue, 18 Feb 2025 10:47:24 +0100
Subject: [PATCH] Dedicated enum variant `NotAuthorizedCode`

---
 polkadot/runtime/parachains/src/paras/mod.rs   | 16 ++++++++++------
 polkadot/runtime/parachains/src/paras/tests.rs |  8 ++++----
 2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/polkadot/runtime/parachains/src/paras/mod.rs b/polkadot/runtime/parachains/src/paras/mod.rs
index 78bbc499250..1388f7c19af 100644
--- a/polkadot/runtime/parachains/src/paras/mod.rs
+++ b/polkadot/runtime/parachains/src/paras/mod.rs
@@ -709,6 +709,8 @@ pub mod pallet {
 		CannotUpgradeCode,
 		/// Invalid validation code size.
 		InvalidCode,
+		/// The given code is not authorized.
+		NotAuthorizedCode,
 	}
 
 	/// All currently active PVF pre-checking votes.
@@ -1202,12 +1204,14 @@ pub mod pallet {
 		) -> DispatchResultWithPostInfo {
 			// no need to ensure, anybody can do this
 
-			// check `new_code` is authorized
-			let Some(authorized_code_hash) = AuthorizedCodeHash::<T>::take(&para) else {
-				return Err(Error::<T>::CannotUpgradeCode.into())
-			};
-			let new_code_hash = new_code.hash();
-			ensure!(new_code_hash == authorized_code_hash, Error::<T>::CannotUpgradeCode);
+			// Ensure `new_code` is authorized
+			if let Some(authorized_code_hash) = AuthorizedCodeHash::<T>::take(&para) {
+				if new_code.hash() != authorized_code_hash {
+					return Err(Error::<T>::NotAuthorizedCode.into());
+				}
+			} else {
+				return Err(Error::<T>::NotAuthorizedCode.into());
+			}
 
 			// TODO: FAIL-CI - more validations?
 
diff --git a/polkadot/runtime/parachains/src/paras/tests.rs b/polkadot/runtime/parachains/src/paras/tests.rs
index 61324632f6b..2eb1bf593b2 100644
--- a/polkadot/runtime/parachains/src/paras/tests.rs
+++ b/polkadot/runtime/parachains/src/paras/tests.rs
@@ -2041,7 +2041,7 @@ fn authorize_and_apply_set_current_code_works() {
 				para_a,
 				code_1.clone()
 			),
-			Error::<Test>::CannotUpgradeCode,
+			Error::<Test>::NotAuthorizedCode,
 		);
 
 		// non-root user cannot authorize
@@ -2066,7 +2066,7 @@ fn authorize_and_apply_set_current_code_works() {
 				para_a,
 				code_2.clone()
 			),
-			Error::<Test>::CannotUpgradeCode,
+			Error::<Test>::NotAuthorizedCode,
 		);
 		assert_eq!(AuthorizedCodeHash::<Test>::get(para_a), Some(code_1_hash));
 		assert!(CurrentCodeHash::<Test>::get(para_a).is_none());
@@ -2111,7 +2111,7 @@ fn authorize_and_apply_set_current_code_works() {
 				para_a,
 				code_1.clone()
 			),
-			Error::<Test>::CannotUpgradeCode,
+			Error::<Test>::NotAuthorizedCode,
 		);
 		assert_err!(
 			Paras::apply_authorized_force_set_current_code(
@@ -2119,7 +2119,7 @@ fn authorize_and_apply_set_current_code_works() {
 				para_a,
 				code_2.clone()
 			),
-			Error::<Test>::CannotUpgradeCode,
+			Error::<Test>::NotAuthorizedCode,
 		);
 
 		// apply just authorized
-- 
GitLab