-
Notifications
You must be signed in to change notification settings - Fork 201
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into ud/del-unused
- Loading branch information
Showing
5 changed files
with
208 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,138 @@ | ||
package ante_test | ||
|
||
import ( | ||
"time" | ||
|
||
sdkclienttx "github.com/cosmos/cosmos-sdk/client/tx" | ||
sdk "github.com/cosmos/cosmos-sdk/types" | ||
"github.com/cosmos/cosmos-sdk/x/authz" | ||
banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" | ||
stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" | ||
|
||
"github.com/NibiruChain/nibiru/v2/app" | ||
"github.com/NibiruChain/nibiru/v2/app/ante" | ||
"github.com/NibiruChain/nibiru/v2/x/evm" | ||
"github.com/NibiruChain/nibiru/v2/x/evm/evmtest" | ||
) | ||
|
||
func (s *AnteTestSuite) TestAnteDecoratorAuthzGuard() { | ||
testCases := []struct { | ||
name string | ||
txMsg func() sdk.Msg | ||
wantErr string | ||
}{ | ||
{ | ||
name: "sad: authz generic grant with evm message", | ||
txMsg: func() sdk.Msg { | ||
someTime := time.Now() | ||
expiryTime := someTime.Add(time.Hour) | ||
genericGrant, err := authz.NewGrant( | ||
someTime, | ||
authz.NewGenericAuthorization(sdk.MsgTypeURL(&evm.MsgEthereumTx{})), &expiryTime, | ||
) | ||
s.Require().NoError(err) | ||
return &authz.MsgGrant{Grant: genericGrant} | ||
}, | ||
wantErr: "not allowed", | ||
}, | ||
{ | ||
name: "happy: authz generic grant with non evm message", | ||
txMsg: func() sdk.Msg { | ||
someTime := time.Now() | ||
expiryTime := someTime.Add(time.Hour) | ||
genericGrant, err := authz.NewGrant( | ||
someTime, | ||
authz.NewGenericAuthorization(sdk.MsgTypeURL(&stakingtypes.MsgCreateValidator{})), &expiryTime, | ||
) | ||
s.Require().NoError(err) | ||
return &authz.MsgGrant{Grant: genericGrant} | ||
}, | ||
wantErr: "", | ||
}, | ||
{ | ||
name: "happy: authz non generic grant", | ||
txMsg: func() sdk.Msg { | ||
someTime := time.Now() | ||
expiryTime := someTime.Add(time.Hour) | ||
genericGrant, err := authz.NewGrant( | ||
someTime, | ||
&banktypes.SendAuthorization{}, | ||
&expiryTime, | ||
) | ||
s.Require().NoError(err) | ||
return &authz.MsgGrant{Grant: genericGrant} | ||
}, | ||
wantErr: "", | ||
}, | ||
{ | ||
name: "happy: non authz message", | ||
txMsg: func() sdk.Msg { | ||
return &evm.MsgEthereumTx{} | ||
}, | ||
wantErr: "", | ||
}, | ||
{ | ||
name: "sad: authz exec with a single evm message", | ||
txMsg: func() sdk.Msg { | ||
msgExec := authz.NewMsgExec( | ||
sdk.AccAddress("nibiuser"), | ||
[]sdk.Msg{ | ||
&evm.MsgEthereumTx{}, | ||
}, | ||
) | ||
return &msgExec | ||
}, | ||
wantErr: "ExtensionOptionsEthereumTx", | ||
}, | ||
{ | ||
name: "sad: authz exec with evm message and non evm message", | ||
txMsg: func() sdk.Msg { | ||
msgExec := authz.NewMsgExec( | ||
sdk.AccAddress("nibiuser"), | ||
[]sdk.Msg{ | ||
&banktypes.MsgSend{}, | ||
&evm.MsgEthereumTx{}, | ||
}, | ||
) | ||
return &msgExec | ||
}, | ||
wantErr: "ExtensionOptionsEthereumTx", | ||
}, | ||
{ | ||
name: "happy: authz exec without evm messages", | ||
txMsg: func() sdk.Msg { | ||
msgExec := authz.NewMsgExec( | ||
sdk.AccAddress("nibiuser"), | ||
[]sdk.Msg{ | ||
&banktypes.MsgSend{}, | ||
}, | ||
) | ||
return &msgExec | ||
}, | ||
wantErr: "", | ||
}, | ||
} | ||
|
||
for _, tc := range testCases { | ||
s.Run(tc.name, func() { | ||
deps := evmtest.NewTestDeps() | ||
anteDec := ante.AnteDecoratorAuthzGuard{} | ||
|
||
encCfg := app.MakeEncodingConfig() | ||
txBuilder, err := sdkclienttx.Factory{}. | ||
WithChainID(s.ctx.ChainID()). | ||
WithTxConfig(encCfg.TxConfig). | ||
BuildUnsignedTx(tc.txMsg()) | ||
s.Require().NoError(err) | ||
|
||
_, err = anteDec.AnteHandle( | ||
deps.Ctx, txBuilder.GetTx(), false, evmtest.NextNoOpAnteHandler, | ||
) | ||
if tc.wantErr != "" { | ||
s.Require().ErrorContains(err, tc.wantErr) | ||
return | ||
} | ||
s.Require().NoError(err) | ||
}) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,67 @@ | ||
// Copyright (c) 2023-2024 Nibi, Inc. | ||
package ante | ||
|
||
// TODO: https://github.com/NibiruChain/nibiru/issues/1915 | ||
// feat(ante): Add an authz guard to disable authz Ethereum txs and provide | ||
// additional security around the default functionality exposed by the module. | ||
// | ||
// Implemenetation Notes | ||
// UD-NOTE - IsAuthzMessage fn. Use authz import with module name | ||
// UD-NOTE - Define set of disabled txMsgs | ||
import ( | ||
"cosmossdk.io/errors" | ||
sdk "github.com/cosmos/cosmos-sdk/types" | ||
errortypes "github.com/cosmos/cosmos-sdk/types/errors" | ||
"github.com/cosmos/cosmos-sdk/x/authz" | ||
|
||
"github.com/NibiruChain/nibiru/v2/x/evm" | ||
) | ||
|
||
// AnteDecoratorAuthzGuard filters autz messages | ||
type AnteDecoratorAuthzGuard struct{} | ||
|
||
// AnteHandle rejects "authz grant generic --msg-type '/eth.evm.v1.MsgEthereumTx'" | ||
// Also rejects authz exec tx.json with any MsgEthereumTx inside | ||
func (rmd AnteDecoratorAuthzGuard) AnteHandle( | ||
ctx sdk.Context, tx sdk.Tx, simulate bool, next sdk.AnteHandler, | ||
) (newCtx sdk.Context, err error) { | ||
for _, msg := range tx.GetMsgs() { | ||
// Do not allow grant for MsgEthereumTx | ||
if msgGrant, ok := msg.(*authz.MsgGrant); ok { | ||
if msgGrant.Grant.Authorization == nil { | ||
return ctx, errors.Wrapf( | ||
errortypes.ErrInvalidType, | ||
"grant authorization is missing", | ||
) | ||
} | ||
authorization, err := msgGrant.Grant.GetAuthorization() | ||
if err != nil { | ||
return ctx, errors.Wrapf( | ||
errortypes.ErrInvalidType, | ||
"failed unmarshaling generic authorization %s", err, | ||
) | ||
} | ||
if genericAuth, ok := authorization.(*authz.GenericAuthorization); ok { | ||
if genericAuth.MsgTypeURL() == sdk.MsgTypeURL(&evm.MsgEthereumTx{}) { | ||
return ctx, errors.Wrapf( | ||
errortypes.ErrNotSupported, | ||
"authz grant generic for msg type %s is not allowed", | ||
genericAuth.MsgTypeURL(), | ||
) | ||
} | ||
} | ||
} | ||
// Also reject MsgEthereumTx in exec | ||
if msgExec, ok := msg.(*authz.MsgExec); ok { | ||
msgsInExec, err := msgExec.GetMessages() | ||
if err != nil { | ||
return ctx, errors.Wrapf( | ||
errortypes.ErrInvalidType, | ||
"failed getting exec messages %s", err, | ||
) | ||
} | ||
for _, msgInExec := range msgsInExec { | ||
if _, ok := msgInExec.(*evm.MsgEthereumTx); ok { | ||
return ctx, errors.Wrapf( | ||
errortypes.ErrInvalidType, | ||
"MsgEthereumTx needs to be contained within a tx with 'ExtensionOptionsEthereumTx' option", | ||
) | ||
} | ||
} | ||
} | ||
} | ||
return next(ctx, tx, simulate) | ||
} |