-
Notifications
You must be signed in to change notification settings - Fork 201
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(evm): ante handler to prohibit authz grant evm messages
- Loading branch information
1 parent
6ba79bb
commit 660f7e8
Showing
4 changed files
with
149 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,98 @@ | ||
package ante_test | ||
|
||
import ( | ||
"time" | ||
|
||
sdkclienttx "github.com/cosmos/cosmos-sdk/client/tx" | ||
sdk "github.com/cosmos/cosmos-sdk/types" | ||
"github.com/cosmos/cosmos-sdk/x/authz" | ||
banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" | ||
stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" | ||
|
||
"github.com/NibiruChain/nibiru/v2/app" | ||
"github.com/NibiruChain/nibiru/v2/app/ante" | ||
"github.com/NibiruChain/nibiru/v2/x/evm" | ||
"github.com/NibiruChain/nibiru/v2/x/evm/evmtest" | ||
) | ||
|
||
func (s *AnteTestSuite) TestAnteDecoratorAuthzGuard() { | ||
testCases := []struct { | ||
name string | ||
txMsg func() sdk.Msg | ||
wantErr string | ||
}{ | ||
{ | ||
name: "sad: authz generic grant with evm message", | ||
txMsg: func() sdk.Msg { | ||
someTime := time.Now() | ||
expiryTime := someTime.Add(time.Hour) | ||
genericGrant, err := authz.NewGrant( | ||
someTime, | ||
authz.NewGenericAuthorization(sdk.MsgTypeURL(&evm.MsgEthereumTx{})), &expiryTime, | ||
) | ||
s.Require().NoError(err) | ||
return &authz.MsgGrant{Grant: genericGrant} | ||
}, | ||
wantErr: "not allowed", | ||
}, | ||
{ | ||
name: "happy: authz generic grant with non evm message", | ||
txMsg: func() sdk.Msg { | ||
someTime := time.Now() | ||
expiryTime := someTime.Add(time.Hour) | ||
genericGrant, err := authz.NewGrant( | ||
someTime, | ||
authz.NewGenericAuthorization(sdk.MsgTypeURL(&stakingtypes.MsgCreateValidator{})), &expiryTime, | ||
) | ||
s.Require().NoError(err) | ||
return &authz.MsgGrant{Grant: genericGrant} | ||
}, | ||
wantErr: "", | ||
}, | ||
{ | ||
name: "happy: authz non generic grant", | ||
txMsg: func() sdk.Msg { | ||
someTime := time.Now() | ||
expiryTime := someTime.Add(time.Hour) | ||
genericGrant, err := authz.NewGrant( | ||
someTime, | ||
&banktypes.SendAuthorization{}, | ||
&expiryTime, | ||
) | ||
s.Require().NoError(err) | ||
return &authz.MsgGrant{Grant: genericGrant} | ||
}, | ||
wantErr: "", | ||
}, | ||
{ | ||
name: "happy: non authz message", | ||
txMsg: func() sdk.Msg { | ||
return &evm.MsgEthereumTx{} | ||
}, | ||
wantErr: "", | ||
}, | ||
} | ||
|
||
for _, tc := range testCases { | ||
s.Run(tc.name, func() { | ||
deps := evmtest.NewTestDeps() | ||
anteDec := ante.AnteDecoratorAuthzGuard{} | ||
|
||
encCfg := app.MakeEncodingConfig() | ||
txBuilder, err := sdkclienttx.Factory{}. | ||
WithChainID(s.ctx.ChainID()). | ||
WithTxConfig(encCfg.TxConfig). | ||
BuildUnsignedTx(tc.txMsg()) | ||
s.Require().NoError(err) | ||
|
||
_, err = anteDec.AnteHandle( | ||
deps.Ctx, txBuilder.GetTx(), false, evmtest.NextNoOpAnteHandler, | ||
) | ||
if tc.wantErr != "" { | ||
s.Require().ErrorContains(err, tc.wantErr) | ||
return | ||
} | ||
s.Require().NoError(err) | ||
}) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,51 @@ | ||
// Copyright (c) 2023-2024 Nibi, Inc. | ||
package ante | ||
|
||
// TODO: https://github.com/NibiruChain/nibiru/issues/1915 | ||
// feat(ante): Add an authz guard to disable authz Ethereum txs and provide | ||
// additional security around the default functionality exposed by the module. | ||
// | ||
// Implemenetation Notes | ||
// UD-NOTE - IsAuthzMessage fn. Use authz import with module name | ||
// UD-NOTE - Define set of disabled txMsgs | ||
import ( | ||
"cosmossdk.io/errors" | ||
sdk "github.com/cosmos/cosmos-sdk/types" | ||
errortypes "github.com/cosmos/cosmos-sdk/types/errors" | ||
"github.com/cosmos/cosmos-sdk/x/authz" | ||
"github.com/cosmos/gogoproto/proto" | ||
|
||
"github.com/NibiruChain/nibiru/v2/x/evm" | ||
) | ||
|
||
var genericAuthTypeTurl = "/" + proto.MessageName(&authz.GenericAuthorization{}) | ||
|
||
// AnteDecoratorAuthzGuard filters autz messages | ||
type AnteDecoratorAuthzGuard struct{} | ||
|
||
// AnteHandle rejects "authz grant generic --msg-type '/eth.evm.v1.MsgEthereumTx'" | ||
func (rmd AnteDecoratorAuthzGuard) AnteHandle( | ||
ctx sdk.Context, tx sdk.Tx, simulate bool, next sdk.AnteHandler, | ||
) (newCtx sdk.Context, err error) { | ||
for _, msg := range tx.GetMsgs() { | ||
if msgGrant, ok := msg.(*authz.MsgGrant); ok { | ||
if msgGrant.Grant.Authorization == nil { | ||
return ctx, errors.Wrapf( | ||
errortypes.ErrInvalidType, | ||
"grant authorization is missing", | ||
) | ||
} | ||
if msgGrant.Grant.Authorization.TypeUrl == genericAuthTypeTurl { | ||
var genericAuth authz.GenericAuthorization | ||
err = proto.Unmarshal(msgGrant.Grant.Authorization.Value, &genericAuth) | ||
if err != nil { | ||
return ctx, errors.Wrapf( | ||
errortypes.ErrInvalidType, | ||
"failed unmarshaling generic authorization", | ||
) | ||
} | ||
if genericAuth.MsgTypeURL() == sdk.MsgTypeURL(&evm.MsgEthereumTx{}) { | ||
return ctx, errors.Wrapf( | ||
errortypes.ErrNotSupported, | ||
"authz grant generic for msg type %s is not allowed", | ||
genericAuth.MsgTypeURL(), | ||
) | ||
} | ||
} | ||
} | ||
} | ||
return next(ctx, tx, simulate) | ||
} |