fix nonce

app-libs/stf/src/stf_sgx.rs

@@ -313,8 +313,8 @@ where
 				// no signature check will happen. Still, we need to supply that field with a fake value.
 				let fake_signature =
 					Signature::Sr25519([0u8; 64].as_slice().try_into().expect("must work"));
-				let enclave_nonce =
-					System::account_nonce(enclave_signer_account::<AccountId>()).saturating_add(1);
+				let mut enclave_nonce =
+					System::account_nonce(enclave_signer_account::<AccountId>());
 				let genesis_hash = shielding_target_genesis_hash().unwrap_or_default();
 				for account in accounts {
 					info!("force unshield all for {:?}", account_id_to_string(&account));
@@ -327,7 +327,7 @@ where
 									account.clone(),
 									Some(asset_id),
 								),
-								nonce: enclave_nonce, //nonce will no longer increase as we bypass signature check
+								nonce: enclave_nonce,
 								delegate: None,
 								signature: fake_signature.clone(),
 							};
@@ -342,6 +342,7 @@ where
 									);
 								})
 								.ok();
+							enclave_nonce += 1;
 						}
 					}
 					if System::account(&account).data.free > 0 {
@@ -365,6 +366,7 @@ where
 								);
 							})
 							.ok();
+						enclave_nonce += 1;
 					}
 				}
 				Ok(())

app-libs/stf/src/trusted_call.rs

@@ -300,7 +300,7 @@ where
 	) -> Result<(), Self::Error> {
 		let _role = ensure_authorization(&self)?;
 		// todo! spending limits according to role https://github.com/integritee-network/worker/issues/1656
-		ensure!(may_execute(&self), Self::Error::Filtered);
+
 		let sender = self.call.sender_account().clone();
 		let call_hash = blake2_256(&self.call.encode());
 		let system_nonce = System::account_nonce(&sender);
@@ -314,6 +314,8 @@ where
 		// so it should be considered as valid
 		System::inc_account_nonce(&sender);
 
+		ensure!(may_execute(&self), Self::Error::Filtered);
+
 		match self.call.clone() {
 			TrustedCall::noop(who) => {
 				debug!("noop called by {}", account_id_to_string(&who),);