diff --git a/CHANGELOG.md b/CHANGELOG.md index 9e805e4fcc..d0ce5a0e5f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ * [#1610](https://github.com/crypto-org-chain/cronos/pull/1610) Sync e2ee module with v1.3.x branch. * [#1612](https://github.com/crypto-org-chain/cronos/pull/1612) Support ibc channel upgrade related methods. * [#1614](https://github.com/crypto-org-chain/cronos/pull/1614) Bump cosmos-sdk to v0.50.10. +* [#1613](https://github.com/crypto-org-chain/cronos/pull/1613) Check admin sender for MsgStoreBlockList in check tx. ### Bug Fixes diff --git a/app/app.go b/app/app.go index 946ea821dd..b1264420b8 100644 --- a/app/app.go +++ b/app/app.go @@ -1106,7 +1106,7 @@ func (app *App) setAnteHandler(txConfig client.TxConfig, maxGasWanted uint64, bl blockedMap[addr.String()] = struct{}{} } - blockAddressDecorator := NewBlockAddressesDecorator(blockedMap) + blockAddressDecorator := NewBlockAddressesDecorator(blockedMap, app.CronosKeeper.GetParams) options := evmante.HandlerOptions{ AccountKeeper: app.AccountKeeper, BankKeeper: app.BankKeeper, diff --git a/app/block_address.go b/app/block_address.go index 4fc3e4cfd1..76e41ce8d8 100644 --- a/app/block_address.go +++ b/app/block_address.go @@ -3,18 +3,26 @@ package app import ( "fmt" + "cosmossdk.io/errors" sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" "github.com/cosmos/cosmos-sdk/x/auth/signing" + "github.com/crypto-org-chain/cronos/v2/x/cronos/types" ) // BlockAddressesDecorator block addresses from sending transactions type BlockAddressesDecorator struct { blockedMap map[string]struct{} + getParams func(ctx sdk.Context) types.Params } -func NewBlockAddressesDecorator(blacklist map[string]struct{}) BlockAddressesDecorator { +func NewBlockAddressesDecorator( + blacklist map[string]struct{}, + getParams func(ctx sdk.Context) types.Params, +) BlockAddressesDecorator { return BlockAddressesDecorator{ blockedMap: blacklist, + getParams: getParams, } } 
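Review bot: In app/block_address.go, the exported constructor `NewBlockAddressesDecorator` gains a second parameter but has no doc comment, and nothing states that `getParams` must be non-nil. The `AnteHandle` hunk later in this diff calls `bad.getParams(ctx)` directly, so a nil function passed here would panic when a transaction first reaches that call rather than at wiring time. I would add `// NewBlockAddressesDecorator builds the decorator; getParams supplies the current CronosAdmin for the MsgStoreBlockList sender check and must not be nil.` and consider failing fast in the constructor with `if getParams == nil { panic("getParams must not be nil") }`. The new `getParams` struct field would also benefit from a one-line comment saying what it is read for.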
@@ -31,6 +39,14 @@ func (bad BlockAddressesDecorator) AnteHandle(ctx sdk.Context, tx sdk.Tx, simula } } } + admin := bad.getParams(ctx).CronosAdmin + for _, msg := range tx.GetMsgs() { + if blocklistMsg, ok := msg.(*types.MsgStoreBlockList); ok { + if admin != blocklistMsg.From { + return ctx, errors.Wrap(sdkerrors.ErrUnauthorized, "msg sender is not authorized") + } + } + } } return next(ctx, tx, simulate) } diff --git a/x/cronos/types/messages.go b/x/cronos/types/messages.go index a0064f748a..5b342e4070 100644 --- a/x/cronos/types/messages.go +++ b/x/cronos/types/messages.go @@ -12,15 +12,7 @@ import ( "github.com/ethereum/go-ethereum/common" ) -const ( - TypeMsgConvertVouchers = "ConvertVouchers" - TypeMsgTransferTokens = "TransferTokens" - TypeMsgUpdateTokenMapping = "UpdateTokenMapping" - TypeMsgUpdateParams = "UpdateParams" - TypeMsgTurnBridge = "TurnBridge" - TypeMsgUpdatePermissions = "UpdatePermissions" - TypeMsgStoreBlockList = "StoreBlockList" -) +const TypeMsgUpdateTokenMapping = "UpdateTokenMapping" var ( _ sdk.Msg = &MsgConvertVouchers{} @@ -39,31 +31,6 @@ func NewMsgConvertVouchers(address string, coins sdk.Coins) *MsgConvertVouchers } } -// Route ... -func (msg MsgConvertVouchers) Route() string { - return RouterKey -} - -// Type ... -func (msg MsgConvertVouchers) Type() string { - return TypeMsgConvertVouchers -} - -// GetSigners ... -func (msg *MsgConvertVouchers) GetSigners() []sdk.AccAddress { - address, err := sdk.AccAddressFromBech32(msg.Address) - if err != nil { - panic(err) - } - return []sdk.AccAddress{address} -} - -// GetSignBytes ... -func (msg *MsgConvertVouchers) GetSignBytes() []byte { - bz := ModuleCdc.MustMarshalJSON(msg) - return sdk.MustSortJSON(bz) -} - // ValidateBasic ... func (msg *MsgConvertVouchers) ValidateBasic() error { _, err := sdk.AccAddressFromBech32(msg.Address) 
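Review bot: In app/block_address.go, the loop added to `AnteHandle` type-asserts only the top-level entries of `tx.GetMsgs()`, so a `MsgStoreBlockList` carried inside a wrapper message (for example authz `MsgExec`, if that module is enabled on this chain) is not seen by this check. Going by the changelog entry, the check runs in CheckTx only, which makes it a mempool pre-filter rather than the authorization boundary. The message handler, which is not visible here, has to remain the authoritative admin check, and a comment should say so, e.g. `// CheckTx-only pre-filter on top-level msgs; authorization is still enforced when the msg executes.` Two smaller points: `bad.getParams(ctx)` is read for every transaction on this path even when no `MsgStoreBlockList` is present, so the read could move inside the `ok` branch, and `admin != blocklistMsg.From` compares raw bech32 strings, which should be kept identical to whatever comparison the handler uses. The enclosing function and the `if` block that holds the loop start outside the hunk.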
@@ -90,31 +57,6 @@ func NewMsgTransferTokens(from string, to string, coins sdk.Coins) *MsgTransferT } } -// Route ... -func (msg MsgTransferTokens) Route() string { - return RouterKey -} - -// Type ... -func (msg MsgTransferTokens) Type() string { - return TypeMsgTransferTokens -} - -// GetSigners ... -func (msg *MsgTransferTokens) GetSigners() []sdk.AccAddress { - from, err := sdk.AccAddressFromBech32(msg.From) - if err != nil { - panic(err) - } - return []sdk.AccAddress{from} -} - -// GetSignBytes ... -func (msg *MsgTransferTokens) GetSignBytes() []byte { - bz := ModuleCdc.MustMarshalJSON(msg) - return sdk.MustSortJSON(bz) -} - // ValidateBasic ... func (msg *MsgTransferTokens) ValidateBasic() error { _, err := sdk.AccAddressFromBech32(msg.From) @@ -174,22 +116,11 @@ func (msg *MsgUpdateTokenMapping) ValidateBasic() error { return nil } -// Route ... -func (msg MsgUpdateTokenMapping) Route() string { - return RouterKey -} - // Type ... func (msg MsgUpdateTokenMapping) Type() string { return TypeMsgUpdateTokenMapping } -// GetSignBytes ... -func (msg *MsgUpdateTokenMapping) GetSignBytes() []byte { - bz := ModuleCdc.MustMarshalJSON(msg) - return sdk.MustSortJSON(bz) -} - // NewMsgTurnBridge ... func NewMsgTurnBridge(admin string, enable bool) *MsgTurnBridge { return &MsgTurnBridge{ @@ -198,15 +129,6 @@ func NewMsgTurnBridge(admin string, enable bool) *MsgTurnBridge { } } -// GetSigners ... -func (msg *MsgTurnBridge) GetSigners() []sdk.AccAddress { - sender, err := sdk.AccAddressFromBech32(msg.Sender) - if err != nil { - panic(err) - } - return []sdk.AccAddress{sender} -} - // ValidateBasic ... func (msg *MsgTurnBridge) ValidateBasic() error { _, err := sdk.AccAddressFromBech32(msg.Sender) 
@@ -217,22 +139,6 @@ func (msg *MsgTurnBridge) ValidateBasic() error { return nil } -// Route ... -func (msg MsgTurnBridge) Route() string { - return RouterKey -} - -// Type ... -func (msg MsgTurnBridge) Type() string { - return TypeMsgTurnBridge -} - -// GetSignBytes ... -func (msg *MsgTurnBridge) GetSignBytes() []byte { - bz := ModuleCdc.MustMarshalJSON(msg) - return sdk.MustSortJSON(bz) -} - func NewMsgUpdateParams(authority string, params Params) *MsgUpdateParams { return &MsgUpdateParams{ Authority: authority, @@ -240,15 +146,6 @@ func NewMsgUpdateParams(authority string, params Params) *MsgUpdateParams { } } -// GetSigners returns the expected signers for a MsgUpdateParams message. -func (msg *MsgUpdateParams) GetSigners() []sdk.AccAddress { - addr, err := sdk.AccAddressFromBech32(msg.Authority) - if err != nil { - panic(err) - } - return []sdk.AccAddress{addr} -} - // ValidateBasic does a sanity check on the provided data. func (msg *MsgUpdateParams) ValidateBasic() error { if _, err := sdk.AccAddressFromBech32(msg.Authority); err != nil { @@ -262,22 +159,6 @@ func (msg *MsgUpdateParams) ValidateBasic() error { return nil } -// Route ... -func (msg MsgUpdateParams) Route() string { - return RouterKey -} - -// Type ... -func (msg MsgUpdateParams) Type() string { - return TypeMsgUpdateParams -} - -// GetSignBytes ... -func (msg *MsgUpdateParams) GetSignBytes() []byte { - bz := ModuleCdc.MustMarshalJSON(msg) - return sdk.MustSortJSON(bz) -} - // NewMsgUpdatePermissions ... func NewMsgUpdatePermissions(from string, address string, permissions uint64) *MsgUpdatePermissions { return &MsgUpdatePermissions{ 
@@ -287,15 +168,6 @@ func NewMsgUpdatePermissions(from string, address string, permissions uint64) *M } } -// GetSigners ... -func (msg *MsgUpdatePermissions) GetSigners() []sdk.AccAddress { - sender, err := sdk.AccAddressFromBech32(msg.From) - if err != nil { - panic(err) - } - return []sdk.AccAddress{sender} -} - // ValidateBasic ... func (msg *MsgUpdatePermissions) ValidateBasic() error { _, err := sdk.AccAddressFromBech32(msg.From) @@ -310,22 +182,6 @@ func (msg *MsgUpdatePermissions) ValidateBasic() error { return nil } -// Route ... -func (msg MsgUpdatePermissions) Route() string { - return RouterKey -} - -// Type ... -func (msg MsgUpdatePermissions) Type() string { - return TypeMsgUpdatePermissions -} - -// GetSignBytes ... -func (msg *MsgUpdatePermissions) GetSignBytes() []byte { - bz := ModuleCdc.MustMarshalJSON(msg) - return sdk.MustSortJSON(bz) -} - func NewMsgStoreBlockList(from string, blob []byte) *MsgStoreBlockList { return &MsgStoreBlockList{ From: from, @@ -346,35 +202,11 @@ func (msg *MsgStoreBlockList) ValidateBasic() error { if err != nil { return errors.Wrapf(sdkerrors.ErrInvalidAddress, "invalid sender address (%s)", err) } - + // skip heavy operation in Decrypt by early return with errDummyIdentity in + // https://github.com/FiloSottile/age/blob/v1.1.1/age.go#L197 _, err = age.Decrypt(bytes.NewBuffer(msg.Blob), new(dummyIdentity)) if err != nil && err != errDummyIdentity { return err } return nil } - -func (msg *MsgStoreBlockList) GetSigners() []sdk.AccAddress { - addr, err := sdk.AccAddressFromBech32(msg.From) - if err != nil { - panic(err) - } - - return []sdk.AccAddress{addr} -} - -// GetSignBytes ... -func (msg *MsgStoreBlockList) GetSignBytes() []byte { - bz := ModuleCdc.MustMarshalJSON(msg) - return sdk.MustSortJSON(bz) -} - -// Route ... -func (msg MsgStoreBlockList) Route() string { - return RouterKey -} - -// Type ... -func (msg MsgStoreBlockList) Type() string { - return TypeMsgStoreBlockList -} 
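Review bot: In x/cronos/types/messages.go, the comment added to `MsgStoreBlockList.ValidateBasic` explains the shortcut but not what the call actually validates, and the reader has to follow an external link to find out. Since `dummyIdentity` is defined outside this hunk, I would state the contract next to the call, e.g. `// Only the age header is checked: dummyIdentity aborts Decrypt with errDummyIdentity before key unwrapping, so the payload is not validated here.`, with the wording to be confirmed against `dummyIdentity.Unwrap`. The same hunk removes `GetSigners` for this message, so signer resolution presumably now comes from the proto signer annotation. That is worth confirming, because the ante check added in app/block_address.go compares the `From` field and is only meaningful if `From` is the field the signature is verified against.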
diff --git a/x/cronos/types/messages_test.go b/x/cronos/types/messages_test.go index 5cf7510524..ac2265daa1 100644 --- a/x/cronos/types/messages_test.go +++ b/x/cronos/types/messages_test.go @@ -1,16 +1,20 @@ package types_test import ( + "bytes" "fmt" + "log" "testing" - "github.com/crypto-org-chain/cronos/v2/app" + "filippo.io/age" + sdk "github.com/cosmos/cosmos-sdk/types" + cmdcfg "github.com/crypto-org-chain/cronos/v2/cmd/cronosd/config" "github.com/crypto-org-chain/cronos/v2/x/cronos/types" "github.com/stretchr/testify/require" ) func TestValidateMsgUpdateTokenMapping(t *testing.T) { - app.SetConfig() + cmdcfg.SetBech32Prefixes(sdk.GetConfig()) testCases := []struct { name string 
@@ -54,3 +58,68 @@ func TestValidateMsgUpdateTokenMapping(t *testing.T) { }) } } + +func TestValidateMsgStoreBlockList(t *testing.T) { + cmdcfg.SetBech32Prefixes(sdk.GetConfig()) + + publicKey := "age1cy0su9fwf3gf9mw868g5yut09p6nytfmmnktexz2ya5uqg9vl9sss4euqm" + recipient, err := age.ParseX25519Recipient(publicKey) + if err != nil { + log.Fatalf("Failed to parse public key %q: %v", publicKey, err) + } + + from := "crc12luku6uxehhak02py4rcz65zu0swh7wjsrw0pp" + blob := []byte("valid blob data") + testCases := []struct { + name string + msg *types.MsgStoreBlockList + noEncrypt bool + expectError bool + errorMsg string + }{ + { + "valid message", + types.NewMsgStoreBlockList(from, blob), + false, + false, + "", + }, + { + "invalid sender address", + types.NewMsgStoreBlockList("invalid", blob), + false, + true, + "invalid sender address", + }, + { + "decryption error", + types.NewMsgStoreBlockList(from, blob), + true, + true, + "failed to read header", + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + if !tc.noEncrypt { + out := new(bytes.Buffer) + w, err := age.Encrypt(out, recipient) + require.NoError(t, err) + _, err = w.Write(tc.msg.Blob) + require.NoError(t, err) + err = w.Close() + require.NoError(t, err) + tc.msg.Blob = out.Bytes() + } + + err = tc.msg.ValidateBasic() + if tc.expectError { + require.Error(t, err) + require.Contains(t, err.Error(), tc.errorMsg) + } else { + require.NoError(t, err) + } + }) + } +} diff --git a/x/e2ee/types/msg.go b/x/e2ee/types/msg.go index 85b2ec0cfc..d0770a82b9 100644 --- a/x/e2ee/types/msg.go +++ b/x/e2ee/types/msg.go @@ -21,11 +21,3 @@ func ValidateRecipientKey(key string) error { _, err := age.ParseX25519Recipient(key) return err } - -func (m *MsgRegisterEncryptionKey) GetSigners() []sdk.AccAddress { - addr, err := sdk.AccAddressFromBech32(m.Address) - if err != nil { - panic(err) - } - return []sdk.AccAddress{addr} -}
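Review bot: In x/cronos/types/messages_test.go, `TestValidateMsgStoreBlockList` handles the key-parse failure with `log.Fatalf`, which exits the whole test binary instead of failing this one test. `require.NoError(t, err)` matches the rest of the function and lets the new `log` import be dropped. Inside the subtest, `err = tc.msg.ValidateBasic()` assigns to the outer `err` captured by the closure, so `err := tc.msg.ValidateBasic()` would keep each case self-contained. The cases cover `ValidateBasic` only: no test in the visible diff exercises the new admin check in `BlockAddressesDecorator.AnteHandle`, where a `MsgStoreBlockList` whose `From` differs from `CronosAdmin` should be rejected in CheckTx, and that is the security-relevant behaviour this commit adds.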