fix(x/authz,x/feegrant): check blocked address (#20102)

julienrbrt · web-flow · commit fcb9d84edbec · 2024-04-21T21:27:56.000+02:00
diff --git a/x/authz/expected_keepers.go b/x/authz/expected_keepers.go
@@ -20,4 +20,5 @@ type AccountKeeper interface {
 type BankKeeper interface {
 	SpendableCoins(ctx context.Context, addr sdk.AccAddress) sdk.Coins
 	IsSendEnabledCoins(ctx context.Context, coins ...sdk.Coin) error
+	BlockedAddr(addr sdk.AccAddress) bool
 }
diff --git a/x/authz/keeper/keeper.go b/x/authz/keeper/keeper.go
@@ -34,6 +34,7 @@ type Keeper struct {
 	cdc          codec.Codec
 	router       baseapp.MessageRouter
 	authKeeper   authz.AccountKeeper
+	bankKeeper   authz.BankKeeper
 }
 
 // NewKeeper constructs a message authorization Keeper
@@ -46,6 +47,13 @@ func NewKeeper(storeService corestoretypes.KVStoreService, cdc codec.Codec, rout
 	}
 }
 
+// Super ugly hack to not be breaking in v0.50 and v0.47
+// DO NOT USE.
+func (k Keeper) SetBankKeeper(bk authz.BankKeeper) Keeper {
+	k.bankKeeper = bk
+	return k
+}
+
 // Logger returns a module-specific logger.
 func (k Keeper) Logger(ctx context.Context) log.Logger {
 	sdkCtx := sdk.UnwrapSDKContext(ctx)
diff --git a/x/authz/keeper/keeper_test.go b/x/authz/keeper/keeper_test.go
@@ -68,14 +68,14 @@ func (s *TestSuite) SetupTest() {
 	// gomock initializations
 	ctrl := gomock.NewController(s.T())
 	s.accountKeeper = authztestutil.NewMockAccountKeeper(ctrl)
-
 	s.accountKeeper.EXPECT().AddressCodec().Return(address.NewBech32Codec("cosmos")).AnyTimes()
 
 	s.bankKeeper = authztestutil.NewMockBankKeeper(ctrl)
 	banktypes.RegisterInterfaces(s.encCfg.InterfaceRegistry)
 	banktypes.RegisterMsgServer(s.baseApp.MsgServiceRouter(), s.bankKeeper)
+	s.bankKeeper.EXPECT().BlockedAddr(gomock.Any()).Return(false).AnyTimes()
 
-	s.authzKeeper = authzkeeper.NewKeeper(storeService, s.encCfg.Codec, s.baseApp.MsgServiceRouter(), s.accountKeeper)
+	s.authzKeeper = authzkeeper.NewKeeper(storeService, s.encCfg.Codec, s.baseApp.MsgServiceRouter(), s.accountKeeper).SetBankKeeper(s.bankKeeper)
 
 	queryHelper := baseapp.NewQueryServerTestHelper(s.ctx, s.encCfg.InterfaceRegistry)
 	authz.RegisterQueryServer(queryHelper, s.authzKeeper)
diff --git a/x/authz/keeper/msg_server.go b/x/authz/keeper/msg_server.go
@@ -38,6 +38,10 @@ func (k Keeper) Grant(goCtx context.Context, msg *authz.MsgGrant) (*authz.MsgGra
 	ctx := sdk.UnwrapSDKContext(goCtx)
 	granteeAcc := k.authKeeper.GetAccount(ctx, grantee)
 	if granteeAcc == nil {
+		if k.bankKeeper.BlockedAddr(grantee) {
+			return nil, sdkerrors.ErrUnauthorized.Wrapf("%s is not allowed to receive funds", grantee)
+		}
+
 		granteeAcc = k.authKeeper.NewAccountWithAddress(ctx, grantee)
 		k.authKeeper.SetAccount(ctx, granteeAcc)
 	}
diff --git a/x/authz/module/module.go b/x/authz/module/module.go
@@ -113,7 +113,7 @@ type AppModule struct {
 func NewAppModule(cdc codec.Codec, keeper keeper.Keeper, ak authz.AccountKeeper, bk authz.BankKeeper, registry cdctypes.InterfaceRegistry) AppModule {
 	return AppModule{
 		AppModuleBasic: AppModuleBasic{cdc: cdc, ac: ak.AddressCodec()},
-		keeper:         keeper,
+		keeper:         keeper.SetBankKeeper(bk), // Super ugly hack to not be api breaking in v0.50 and v0.47
 		accountKeeper:  ak,
 		bankKeeper:     bk,
 		registry:       registry,
diff --git a/x/authz/testutil/expected_keepers_mocks.go b/x/authz/testutil/expected_keepers_mocks.go
diff --git a/x/feegrant/expected_keepers.go b/x/feegrant/expected_keepers.go
@@ -24,4 +24,5 @@ type AccountKeeper interface {
 type BankKeeper interface {
 	SpendableCoins(ctx context.Context, addr sdk.AccAddress) sdk.Coins
 	SendCoinsFromAccountToModule(ctx context.Context, senderAddr sdk.AccAddress, recipientModule string, amt sdk.Coins) error
+	BlockedAddr(addr sdk.AccAddress) bool
 }
diff --git a/x/feegrant/keeper/keeper.go b/x/feegrant/keeper/keeper.go
@@ -24,6 +24,7 @@ type Keeper struct {
 	cdc          codec.BinaryCodec
 	storeService store.KVStoreService
 	authKeeper   feegrant.AccountKeeper
+	bankKeeper   feegrant.BankKeeper
 }
 
 var _ ante.FeegrantKeeper = &Keeper{}
@@ -37,6 +38,13 @@ func NewKeeper(cdc codec.BinaryCodec, storeService store.KVStoreService, ak feeg
 	}
 }
 
+// Super ugly hack to not be breaking in v0.50 and v0.47
+// DO NOT USE.
+func (k Keeper) SetBankKeeper(bk feegrant.BankKeeper) Keeper {
+	k.bankKeeper = bk
+	return k
+}
+
 // Logger returns a module-specific logger.
 func (k Keeper) Logger(ctx sdk.Context) log.Logger {
 	return ctx.Logger().With("module", fmt.Sprintf("x/%s", feegrant.ModuleName))
@@ -52,6 +60,10 @@ func (k Keeper) GrantAllowance(ctx context.Context, granter, grantee sdk.AccAddr
 	// create the account if it is not in account state
 	granteeAcc := k.authKeeper.GetAccount(ctx, grantee)
 	if granteeAcc == nil {
+		if k.bankKeeper.BlockedAddr(grantee) {
+			return errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "%s is not allowed to receive funds", grantee)
+		}
+
 		granteeAcc = k.authKeeper.NewAccountWithAddress(ctx, grantee)
 		k.authKeeper.SetAccount(ctx, granteeAcc)
 	}
diff --git a/x/feegrant/keeper/keeper_test.go b/x/feegrant/keeper/keeper_test.go
@@ -31,6 +31,7 @@ type KeeperTestSuite struct {
 	atom           sdk.Coins
 	feegrantKeeper keeper.Keeper
 	accountKeeper  *feegranttestutil.MockAccountKeeper
+	bankKeeper     *feegranttestutil.MockBankKeeper
 }
 
 func TestKeeperTestSuite(t *testing.T) {
@@ -49,10 +50,11 @@ func (suite *KeeperTestSuite) SetupTest() {
 	for i := 0; i < len(suite.addrs); i++ {
 		suite.accountKeeper.EXPECT().GetAccount(gomock.Any(), suite.addrs[i]).Return(authtypes.NewBaseAccountWithAddress(suite.addrs[i])).AnyTimes()
 	}
-
 	suite.accountKeeper.EXPECT().AddressCodec().Return(codecaddress.NewBech32Codec("cosmos")).AnyTimes()
+	suite.bankKeeper = feegranttestutil.NewMockBankKeeper(ctrl)
+	suite.bankKeeper.EXPECT().BlockedAddr(gomock.Any()).Return(false).AnyTimes()
 
-	suite.feegrantKeeper = keeper.NewKeeper(encCfg.Codec, runtime.NewKVStoreService(key), suite.accountKeeper)
+	suite.feegrantKeeper = keeper.NewKeeper(encCfg.Codec, runtime.NewKVStoreService(key), suite.accountKeeper).SetBankKeeper(suite.bankKeeper)
 	suite.ctx = testCtx.Ctx
 	suite.msgSrvr = keeper.NewMsgServerImpl(suite.feegrantKeeper)
 	suite.atom = sdk.NewCoins(sdk.NewCoin("atom", sdkmath.NewInt(555)))
diff --git a/x/feegrant/module/module.go b/x/feegrant/module/module.go
@@ -120,7 +120,7 @@ type AppModule struct {
 func NewAppModule(cdc codec.Codec, ak feegrant.AccountKeeper, bk feegrant.BankKeeper, keeper keeper.Keeper, registry cdctypes.InterfaceRegistry) AppModule {
 	return AppModule{
 		AppModuleBasic: AppModuleBasic{cdc: cdc, ac: ak.AddressCodec()},
-		keeper:         keeper,
+		keeper:         keeper.SetBankKeeper(bk),
 		accountKeeper:  ak,
 		bankKeeper:     bk,
 		registry:       registry,
diff --git a/x/feegrant/testutil/expected_keepers_mocks.go b/x/feegrant/testutil/expected_keepers_mocks.go

Original file line number	Diff line number	Diff line change
`@@ -20,4 +20,5 @@ type AccountKeeper interface {`
`20`	`20`	`type BankKeeper interface {`
`21`	`21`	`SpendableCoins(ctx context.Context, addr sdk.AccAddress) sdk.Coins`
`22`	`22`	`IsSendEnabledCoins(ctx context.Context, coins ...sdk.Coin) error`
	`23`	`+ BlockedAddr(addr sdk.AccAddress) bool`
`23`	`24`	`}`
Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,7 @@ type Keeper struct {`
`34`	`34`	`cdc codec.Codec`
`35`	`35`	`router baseapp.MessageRouter`
`36`	`36`	`authKeeper authz.AccountKeeper`
	`37`	`+ bankKeeper authz.BankKeeper`
`37`	`38`	`}`
`38`	`39`
`39`	`40`	`// NewKeeper constructs a message authorization Keeper`
`@@ -46,6 +47,13 @@ func NewKeeper(storeService corestoretypes.KVStoreService, cdc codec.Codec, rout`
`46`	`47`	`}`
`47`	`48`	`}`
`48`	`49`
	`50`	`+// Super ugly hack to not be breaking in v0.50 and v0.47`
	`51`	`+// DO NOT USE.`
	`52`	`+func (k Keeper) SetBankKeeper(bk authz.BankKeeper) Keeper {`
	`53`	`+ k.bankKeeper = bk`
	`54`	`+ return k`
	`55`	`+}`
	`56`	`+`
`49`	`57`	`// Logger returns a module-specific logger.`
`50`	`58`	`func (k Keeper) Logger(ctx context.Context) log.Logger {`
`51`	`59`	`sdkCtx := sdk.UnwrapSDKContext(ctx)`
Original file line number	Diff line number	Diff line change
`@@ -24,4 +24,5 @@ type AccountKeeper interface {`
`24`	`24`	`type BankKeeper interface {`
`25`	`25`	`SpendableCoins(ctx context.Context, addr sdk.AccAddress) sdk.Coins`
`26`	`26`	`SendCoinsFromAccountToModule(ctx context.Context, senderAddr sdk.AccAddress, recipientModule string, amt sdk.Coins) error`
	`27`	`+ BlockedAddr(addr sdk.AccAddress) bool`
`27`	`28`	`}`