IBC Rate Limiting Audit Fixes

.gitmodules

@@ -15,7 +15,7 @@
 	path = deps/juno
 	url = https://github.com/CosmosContracts/juno.git
 [submodule "deps/osmosis"]
-	# Commit: v15.1.0
+	# Commit: 08669da8509059980dc964976ee1ca60c84f5c8a
 	path = deps/osmosis
 	url = https://github.com/osmosis-labs/osmosis.git
 [submodule "deps/stargaze"]

app/upgrades.go

@@ -129,6 +129,8 @@ func (app *StrideApp) setupUpgradeHandlers() {
 			Added: []string{ratelimittypes.StoreKey, autopilottypes.StoreKey},
 		}
 	}
+	// TODO: v10 UPGRADE HANDLER
+	// Add module and ICA accounts for each host zone to the rate limit whitelist
 
 	if storeUpgrades != nil {
 		app.SetStoreLoader(upgradetypes.UpgradeStoreLoader(upgradeInfo.Height, storeUpgrades))

dockernet/build.sh

@@ -38,6 +38,7 @@ build_local_and_docker() {
    # Some projects have a hard coded build directory, while others allow the passing of BUILDDIR
    # In the event that they have it hard coded, this will copy it into our build directory
    mv $folder/build/* $BUILDDIR/ > /dev/null 2>&1
+   mv $folder/bin/* $BUILDDIR/ > /dev/null 2>&1
 
    if [[ "$local_build_succeeded" == "0" ]]; then
       echo "Done" 

dockernet/config/relayer_config.yaml

@@ -13,7 +13,7 @@ chains:
       account-prefix: stride
       keyring-backend: test
       gas-adjustment: 1.3
-      gas-prices: 0.01ustrd
+      gas-prices: 0.02ustrd
       coin-type: 118
       debug: false
       timeout: 20s
@@ -27,8 +27,8 @@ chains:
       rpc-addr: http://gaia1:26657
       account-prefix: cosmos
       keyring-backend: test
-      gas-adjustment: 1.2
-      gas-prices: 0.01uatom
+      gas-adjustment: 1.3
+      gas-prices: 0.02uatom
       coin-type: 118
       debug: false
       timeout: 20s
@@ -42,8 +42,8 @@ chains:
       rpc-addr: http://juno1:26657
       account-prefix: juno
       keyring-backend: test
-      gas-adjustment: 1.2
-      gas-prices: 0.01ujuno
+      gas-adjustment: 1.3
+      gas-prices: 0.02ujuno
       coin-type: 118
       debug: false
       timeout: 20s
@@ -57,8 +57,8 @@ chains:
       rpc-addr: http://osmo1:26657
       account-prefix: osmo
       keyring-backend: test
-      gas-adjustment: 1.2
-      gas-prices: 0.01uosmo
+      gas-adjustment: 1.3
+      gas-prices: 0.02uosmo
       coin-type: 118
       debug: false
       timeout: 20s
@@ -72,8 +72,8 @@ chains:
       rpc-addr: http://stars1:26657
       account-prefix: stars
       keyring-backend: test
-      gas-adjustment: 1.2
-      gas-prices: 0.01ustars
+      gas-adjustment: 1.3
+      gas-prices: 0.02ustars
       coin-type: 118
       debug: false
       timeout: 20s
@@ -88,7 +88,7 @@ chains:
       account-prefix: stride
       keyring-backend: test
       gas-adjustment: 1.3
-      gas-prices: 0.01uwalk
+      gas-prices: 0.02uwalk
       coin-type: 118
       debug: false
       timeout: 20s
@@ -102,8 +102,8 @@ chains:
       rpc-addr: http://evmos1:26657
       account-prefix: evmos
       keyring-backend: test
-      gas-adjustment: 1.2
-      gas-prices: 0.01aevmos
+      gas-adjustment: 1.3
+      gas-prices: 0.02aevmos
       coin-type: 60
       debug: false
       timeout: 20s
@@ -119,8 +119,8 @@ chains:
   #     rpc-addr: http://{node_prefix}1:26657
   #     account-prefix: {bech32_hrp_account_prefix}
   #     keyring-backend: test
-  #     gas-adjustment: 1.2
-  #     gas-prices: 0.01{minimal_denom}
+  #     gas-adjustment: 1.3
+  #     gas-prices: 0.02{minimal_denom}
   #     coin-type: {coin-type}
   #     debug: false
   #     timeout: 20s

dockernet/config/relayer_config_juno_osmo.yaml

@@ -14,8 +14,8 @@ chains:
       rpc-addr: http://juno1:26657
       account-prefix: juno
       keyring-backend: test
-      gas-adjustment: 1.2
-      gas-prices: 0.01ujuno
+      gas-adjustment: 1.3
+      gas-prices: 0.02ujuno
       debug: false
       timeout: 20s
       output-format: json
@@ -28,8 +28,8 @@ chains:
       rpc-addr: http://osmo1:26657
       account-prefix: osmo
       keyring-backend: test
-      gas-adjustment: 1.2
-      gas-prices: 0.01uosmo
+      gas-adjustment: 1.3
+      gas-prices: 0.02uosmo
       debug: false
       timeout: 20s
       output-format: json

dockernet/dockerfiles/Dockerfile.osmo

@@ -4,7 +4,7 @@ WORKDIR /opt/
 
 RUN set -eux; apk add --no-cache ca-certificates build-base; apk add git linux-headers
 
-ENV COMMIT_HASH=v15.1.0
+ENV COMMIT_HASH=08669da8509059980dc964976ee1ca60c84f5c8a
 
 RUN git clone https://github.com/osmosis-labs/osmosis.git \
     && cd osmosis \
@@ -13,7 +13,7 @@ RUN git clone https://github.com/osmosis-labs/osmosis.git \
 WORKDIR /opt/osmosis
 
 # Cosmwasm - download correct libwasmvm version and verify checksum
-RUN WASMVM_VERSION=$(go list -m github.com/CosmWasm/wasmvm | cut -d ' ' -f 2) \
+RUN WASMVM_VERSION=v1.0.0 \
     && wget https://github.com/CosmWasm/wasmvm/releases/download/$WASMVM_VERSION/libwasmvm_muslc.$(uname -m).a \
     -O /lib/libwasmvm_muslc.a \
     && wget https://github.com/CosmWasm/wasmvm/releases/download/$WASMVM_VERSION/checksums.txt -O /tmp/checksums.txt \

dockernet/scripts/ratelimit/common.sh

@@ -137,7 +137,8 @@ submit_proposal_and_vote() {
     proposal_file=$2
 
     echo ">>> Submitting proposal for: $proposal_file"
-    $STRIDE_MAIN_CMD tx gov submit-legacy-proposal $proposal_type ${CURRENT_DIR}/proposals/${proposal_file} --from ${STRIDE_VAL_PREFIX}1 -y | TRIM_TX
+    $STRIDE_MAIN_CMD tx gov submit-legacy-proposal $proposal_type ${CURRENT_DIR}/proposals/${proposal_file} \
+        --from ${STRIDE_VAL_PREFIX}1 -y --gas 1000000 | TRIM_TX
     sleep 3
 
     proposal_id=$(get_last_proposal_id)

dockernet/scripts/ratelimit/run_all_tests.sh

@@ -7,6 +7,7 @@ source ${CURRENT_DIR}/test_tx_remove.sh
 source ${CURRENT_DIR}/test_quota_update.sh
 source ${CURRENT_DIR}/test_bidirectional_flow.sh
 source ${CURRENT_DIR}/test_denoms.sh
+source ${CURRENT_DIR}/test_send_failure.sh
 
 setup_juno_osmo_channel
 setup_channel_value
@@ -23,3 +24,4 @@ test_denom_ujuno
 test_denom_sttoken
 test_denom_juno_traveler
 test_remove_rate_limit
+test_send_failures

dockernet/scripts/ratelimit/test_send_failure.sh

@@ -0,0 +1,56 @@
+CURRENT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+source ${CURRENT_DIR}/../../config.sh
+source ${CURRENT_DIR}/common.sh
+
+test_ack_timeout() {
+    print_header "TESTING ACK TIMEOUT"
+
+    # Capture the start flow
+    start_flow=$(get_flow_amount ustrd channel-2 outflow)
+    echo "Initial outflow for ustrd: $start_flow"
+
+     # Send the transfer with a sub-second timeout timestamp to force a timeout
+    echo "Transferring..."
+    timeout=1000 # in nanoseconds
+    $STRIDE_MAIN_CMD tx ibc-transfer transfer transfer channel-2 $(OSMO_ADDRESS) 10000000ustrd \
+        --from val1 -y --packet-timeout-timestamp $timeout | TRIM_TX
+    sleep 15
+
+    # Capture the outflow
+    end_flow=$(get_flow_amount ustrd channel-2 outflow)
+    echo "End outflow for ustrd: $end_flow"
+
+    # The outflow should have been reset
+    actual_flow_change=$((end_flow-start_flow))
+    print_expectation 0 $actual_flow_change "Flow Change"
+}
+
+test_ack_failure() {
+    print_header "TESTING ACK FAILURE"
+
+    # Capture the start flow
+    start_flow=$(get_flow_amount ustrd channel-2 outflow)
+    echo "Initial outflow for ustrd: $start_flow"
+
+    # Send the transfer with a stride destination address instead of an osmo address
+    # to cause the transfer to fail
+    echo "Transferring..."
+    invalid_address=$(STRIDE_ADDRESS)
+    $STRIDE_MAIN_CMD tx ibc-transfer transfer transfer channel-2 $invalid_address 10000000ustrd --from val1 -y | TRIM_TX
+    sleep 15
+
+    # Capture the outflow
+    end_flow=$(get_flow_amount ustrd channel-2 outflow)
+    echo "End outflow for ustrd: $end_flow"
+
+    # The outflow should have been reset
+    actual_flow_change=$((end_flow-start_flow))
+    print_expectation 0 $actual_flow_change "Flow Change"
+}
+
+test_send_failures() {
+    wait_until_epoch_end
+
+    test_ack_timeout
+    test_ack_failure
+}

dockernet/src/init_chain.sh

@@ -36,8 +36,8 @@ set_stride_genesis() {
     jq '(.app_state.epochs.epochs[] | select(.identifier=="stride_epoch") ).duration = $epochLen' --arg epochLen $STRIDE_EPOCH_EPOCH_DURATION $genesis_config > json.tmp && mv json.tmp $genesis_config
     jq '(.app_state.epochs.epochs[] | select(.identifier=="mint") ).duration = $epochLen' --arg epochLen $STRIDE_MINT_EPOCH_DURATION $genesis_config > json.tmp && mv json.tmp $genesis_config
     jq '.app_state.staking.params.unbonding_time = $newVal' --arg newVal "$UNBONDING_TIME" $genesis_config > json.tmp && mv json.tmp $genesis_config
-    jq '.app_state.gov.deposit_params.max_deposit_period = $newVal' --arg newVal "$MAX_DEPOSIT_PERIOD" $genesis_config > json.tmp && mv json.tmp $genesis_config
-    jq '.app_state.gov.voting_params.voting_period = $newVal' --arg newVal "$VOTING_PERIOD" $genesis_config > json.tmp && mv json.tmp $genesis_config
+    jq '.app_state.gov.params.max_deposit_period = $newVal' --arg newVal "$MAX_DEPOSIT_PERIOD" $genesis_config > json.tmp && mv json.tmp $genesis_config
+    jq '.app_state.gov.params.voting_period = $newVal' --arg newVal "$VOTING_PERIOD" $genesis_config > json.tmp && mv json.tmp $genesis_config
 
     # enable stride as an interchain accounts controller
     jq "del(.app_state.interchain_accounts)" $genesis_config > json.tmp && mv json.tmp $genesis_config

proto/stride/ratelimit/genesis.proto

@@ -9,15 +9,21 @@ option go_package = "github.com/Stride-Labs/stride/v9/x/ratelimit/types";
 
 // GenesisState defines the ratelimit module's genesis state.
 message GenesisState {
-  // params defines all the parameters of the module.
   Params params = 1 [
     (gogoproto.moretags) = "yaml:\"params\"",
     (gogoproto.nullable) = false
   ];
 
-  // list of rate limits
   repeated RateLimit rate_limits = 2 [
     (gogoproto.moretags) = "yaml:\"rate_limits\"",
     (gogoproto.nullable) = false
   ];
+
+  repeated AddressWhitelist whitelisted_address_pairs = 3 [
+    (gogoproto.moretags) = "yaml:\"whitelisted_address_pairs\"",
+    (gogoproto.nullable) = false
+  ];
+
+  repeated string blacklisted_denoms = 4;
+  repeated string pending_send_packet_sequence_numbers = 5;
 }

proto/stride/ratelimit/query.proto

@@ -27,6 +27,16 @@ service Query {
     option (google.api.http).get =
         "/Stride-Labs/stride/ratelimit/ratelimits/{channel_id}";
   }
+  rpc AllBlacklistedDenoms(QueryAllBlacklistedDenomsRequest)
+      returns (QueryAllBlacklistedDenomsResponse) {
+    option (google.api.http).get =
+        "/Stride-Labs/stride/ratelimit/blacklisted_denoms";
+  }
+  rpc AllWhitelistedAddresses(QueryAllWhitelistedAddressesRequest)
+      returns (QueryAllWhitelistedAddressesResponse) {
+    option (google.api.http).get =
+        "/Stride-Labs/stride/ratelimit/whitelisted_addresses";
+  }
 }
 
 message QueryAllRateLimitsRequest {}
@@ -49,3 +59,11 @@ message QueryRateLimitsByChannelIdRequest { string channel_id = 1; }
 message QueryRateLimitsByChannelIdResponse {
   repeated RateLimit rate_limits = 1 [ (gogoproto.nullable) = false ];
 }
+
+message QueryAllBlacklistedDenomsRequest {}
+message QueryAllBlacklistedDenomsResponse { repeated string denoms = 1; }
+
+message QueryAllWhitelistedAddressesRequest {}
+message QueryAllWhitelistedAddressesResponse {
+  repeated AddressWhitelist address_pairs = 1 [ (gogoproto.nullable) = false ];
+}

proto/stride/ratelimit/ratelimit.proto

@@ -49,3 +49,8 @@ message RateLimit {
   Quota quota = 2;
   Flow flow = 3;
 }
+
+message AddressWhitelist {
+  string sender = 1;
+  string receiver = 2;
+}