Authorization logic of staking module: denyList never used?

## Summary of Bug


When going through the authorization logic of the staking module (`staking/types/authz.go`, function [`Accept`](https://github.com/cosmos/cosmos-sdk/blob/e0f812d3d756f19dc66baf6ebe14797c39d07fb4/x/staking/types/authz.go#L61)), I was confused by the parameters `allowed` and `denied` of the function [`NewStakeAuthorization`](https://github.com/cosmos/cosmos-sdk/blob/e0f812d3d756f19dc66baf6ebe14797c39d07fb4/x/staking/types/authz.go#L19).
 Quoting from the documentation: 

> Additionally, this Msg takes an AllowList and a DenyList, which allows you to select which validators you allow grantees to stake with.

However, it seems that it is never possible to have a non-empty `DenyList` with a successful authorization.
 1) exactly one of `allowList` and `denyList` may be given, not both (this follows from the function `validateAndBech32fy`)
 2) delegation will be accepted if the validator is both in the `allowList` and not in the `denyList` (this follows from the function `Accept` of `authz.go`: the boolean value `isValidatorExists` has to be set to `true`, or otherwise an error is raised)

Thus, if the authorization is to ever be successfully used, `denyList` must always be empty.

Is this intended behavior? If so, why not removing `denyList`?

## Version

e0f812d3d756f19dc66baf6ebe14797c39d07fb4

____

## For Admin Use

- [ ] Not duplicate issue
- [ ] Appropriate labels applied
- [ ] Appropriate contributors tagged
- [ ] Contributor assigned/self-assigned

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Authorization logic of staking module: denyList never used? #11391

ivan-gavran
openedon Mar 16, 2022

Summary of Bug

Version

For Admin Use

Assignees

Labels

Type

Projects

Milestone

Relationships

Development