Skip to content

Commit

Permalink
fix(x/authz,x/feegrant): check blocked address (backport #20102) (#20114
Browse files Browse the repository at this point in the history
)

Co-authored-by: Julien Robert <[email protected]>
  • Loading branch information
mergify[bot] and julienrbrt authored Apr 22, 2024
1 parent 3d03c1b commit b68da64
Show file tree
Hide file tree
Showing 13 changed files with 69 additions and 10 deletions.
3 changes: 2 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -37,10 +37,11 @@ Ref: https://keepachangelog.com/en/1.0.0/

## [Unreleased]

## [v0.47.11](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.11) - 2024-04-18
## [v0.47.11](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.11) - 2024-04-22

### Bug Fixes

* (x/feegrant,x/authz) [#20114](https://github.com/cosmos/cosmos-sdk/pull/20114) Follow up of [GHSA-4j93-fm92-rp4m](https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-4j93-fm92-rp4m). The same issue was found in `x/feegrant` and `x/authz` modules.
* (crypto) [#20027](https://github.com/cosmos/cosmos-sdk/pull/20027) secp256r1 keys now implement gogoproto's customtype interface.
* (x/gov) [#19725](https://github.com/cosmos/cosmos-sdk/pull/19725) Fetch a failed proposal tally from `proposal.FinalTallyResult` in the gprc query.
* (crypto) [#19691](https://github.com/cosmos/cosmos-sdk/pull/19746) Throw an error when signing with incorrect Ledger.
Expand Down
3 changes: 2 additions & 1 deletion RELEASE_NOTES.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,8 @@ For this month patch release of the v0.47.x line, a few bug were fixed in the SD
Notably:

* `secp256r1` keys now implement gogoproto's customtype interface.
* Throw an error when signing with incorrect Ledger.
* CLI now throws an error when signing with an incorrect Ledger.
* Fixing [GHSA-4j93-fm92-rp4m](https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-4j93-fm92-rp4m) in `x/feegrant` and `x/authz` modules. The upgrade instuctions were provided in the [v0.47.9 release notes](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.9).

Check out the [changelog](https://github.com/cosmos/cosmos-sdk/blob/v0.47.11/CHANGELOG.md) for an exhaustive list of changes or [compare changes](https://github.com/cosmos/cosmos-sdk/compare/v0.47.10...v0.47.11) from last release.

Expand Down
1 change: 1 addition & 0 deletions x/authz/expected_keepers.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,4 +16,5 @@ type AccountKeeper interface {
type BankKeeper interface {
SpendableCoins(ctx sdk.Context, addr sdk.AccAddress) sdk.Coins
IsSendEnabledCoins(ctx sdk.Context, coins ...sdk.Coin) error
BlockedAddr(addr sdk.AccAddress) bool
}
8 changes: 8 additions & 0 deletions x/authz/keeper/keeper.go
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ type Keeper struct {
cdc codec.BinaryCodec
router *baseapp.MsgServiceRouter
authKeeper authz.AccountKeeper
bankKeeper authz.BankKeeper
}

// NewKeeper constructs a message authorization Keeper
Expand All @@ -40,6 +41,13 @@ func NewKeeper(storeKey storetypes.StoreKey, cdc codec.BinaryCodec, router *base
}
}

// Super ugly hack to not be breaking in v0.50 and v0.47
// DO NOT USE.
func (k Keeper) SetBankKeeper(bk authz.BankKeeper) Keeper {
k.bankKeeper = bk
return k
}

// Logger returns a module-specific logger.
func (k Keeper) Logger(ctx sdk.Context) log.Logger {
return ctx.Logger().With("module", fmt.Sprintf("x/%s", authz.ModuleName))
Expand Down
3 changes: 2 additions & 1 deletion x/authz/keeper/keeper_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -66,8 +66,9 @@ func (s *TestSuite) SetupTest() {
s.bankKeeper = authztestutil.NewMockBankKeeper(ctrl)
banktypes.RegisterInterfaces(s.encCfg.InterfaceRegistry)
banktypes.RegisterMsgServer(s.baseApp.MsgServiceRouter(), s.bankKeeper)
s.bankKeeper.EXPECT().BlockedAddr(gomock.Any()).Return(false).AnyTimes()

s.authzKeeper = authzkeeper.NewKeeper(key, s.encCfg.Codec, s.baseApp.MsgServiceRouter(), s.accountKeeper)
s.authzKeeper = authzkeeper.NewKeeper(key, s.encCfg.Codec, s.baseApp.MsgServiceRouter(), s.accountKeeper).SetBankKeeper(s.bankKeeper)

queryHelper := baseapp.NewQueryServerTestHelper(s.ctx, s.encCfg.InterfaceRegistry)
authz.RegisterQueryServer(queryHelper, s.authzKeeper)
Expand Down
4 changes: 4 additions & 0 deletions x/authz/keeper/msg_server.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,10 @@ func (k Keeper) Grant(goCtx context.Context, msg *authz.MsgGrant) (*authz.MsgGra
// create the account if it is not in account state
granteeAcc := k.authKeeper.GetAccount(ctx, grantee)
if granteeAcc == nil {
if k.bankKeeper.BlockedAddr(grantee) {
return nil, sdkerrors.ErrUnauthorized.Wrapf("%s is not allowed to receive funds", grantee)
}

granteeAcc = k.authKeeper.NewAccountWithAddress(ctx, grantee)
k.authKeeper.SetAccount(ctx, granteeAcc)
}
Expand Down
2 changes: 1 addition & 1 deletion x/authz/module/module.go
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ type AppModule struct {
func NewAppModule(cdc codec.Codec, keeper keeper.Keeper, ak authz.AccountKeeper, bk authz.BankKeeper, registry cdctypes.InterfaceRegistry) AppModule {
return AppModule{
AppModuleBasic: AppModuleBasic{cdc: cdc},
keeper: keeper,
keeper: keeper.SetBankKeeper(bk), // Super ugly hack to not be api breaking in v0.50 and v0.47,
accountKeeper: ak,
bankKeeper: bk,
registry: registry,
Expand Down
14 changes: 14 additions & 0 deletions x/authz/testutil/expected_keepers_mocks.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions x/feegrant/expected_keepers.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,4 +19,5 @@ type AccountKeeper interface {
type BankKeeper interface {
SpendableCoins(ctx sdk.Context, addr sdk.AccAddress) sdk.Coins
SendCoinsFromAccountToModule(ctx sdk.Context, senderAddr sdk.AccAddress, recipientModule string, amt sdk.Coins) error
BlockedAddr(addr sdk.AccAddress) bool
}
12 changes: 12 additions & 0 deletions x/feegrant/keeper/keeper.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ type Keeper struct {
cdc codec.BinaryCodec
storeKey storetypes.StoreKey
authKeeper feegrant.AccountKeeper
bankKeeper feegrant.BankKeeper
}

var _ ante.FeegrantKeeper = &Keeper{}
Expand All @@ -34,6 +35,13 @@ func NewKeeper(cdc codec.BinaryCodec, storeKey storetypes.StoreKey, ak feegrant.
}
}

// Super ugly hack to not be breaking in v0.50 and v0.47
// DO NOT USE.
func (k Keeper) SetBankKeeper(bk feegrant.BankKeeper) Keeper {
k.bankKeeper = bk
return k
}

// Logger returns a module-specific logger.
func (k Keeper) Logger(ctx sdk.Context) log.Logger {
return ctx.Logger().With("module", fmt.Sprintf("x/%s", feegrant.ModuleName))
Expand All @@ -44,6 +52,10 @@ func (k Keeper) GrantAllowance(ctx sdk.Context, granter, grantee sdk.AccAddress,
// create the account if it is not in account state
granteeAcc := k.authKeeper.GetAccount(ctx, grantee)
if granteeAcc == nil {
if k.bankKeeper.BlockedAddr(grantee) {
return sdkerrors.Wrapf(sdkerrors.ErrUnauthorized, "%s is not allowed to receive funds", grantee)
}

granteeAcc = k.authKeeper.NewAccountWithAddress(ctx, grantee)
k.authKeeper.SetAccount(ctx, granteeAcc)
}
Expand Down
12 changes: 7 additions & 5 deletions x/feegrant/keeper/keeper_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ type KeeperTestSuite struct {
atom sdk.Coins
feegrantKeeper keeper.Keeper
accountKeeper *feegranttestutil.MockAccountKeeper
bankKeeper *feegranttestutil.MockBankKeeper
}

func TestKeeperTestSuite(t *testing.T) {
Expand All @@ -41,12 +42,13 @@ func (suite *KeeperTestSuite) SetupTest() {
// setup gomock and initialize some globally expected executions
ctrl := gomock.NewController(suite.T())
suite.accountKeeper = feegranttestutil.NewMockAccountKeeper(ctrl)
suite.accountKeeper.EXPECT().GetAccount(gomock.Any(), suite.addrs[0]).Return(authtypes.NewBaseAccountWithAddress(suite.addrs[0])).AnyTimes()
suite.accountKeeper.EXPECT().GetAccount(gomock.Any(), suite.addrs[1]).Return(authtypes.NewBaseAccountWithAddress(suite.addrs[1])).AnyTimes()
suite.accountKeeper.EXPECT().GetAccount(gomock.Any(), suite.addrs[2]).Return(authtypes.NewBaseAccountWithAddress(suite.addrs[2])).AnyTimes()
suite.accountKeeper.EXPECT().GetAccount(gomock.Any(), suite.addrs[3]).Return(authtypes.NewBaseAccountWithAddress(suite.addrs[3])).AnyTimes()
for i := 0; i < len(suite.addrs); i++ {
suite.accountKeeper.EXPECT().GetAccount(gomock.Any(), suite.addrs[i]).Return(authtypes.NewBaseAccountWithAddress(suite.addrs[i])).AnyTimes()
}
suite.bankKeeper = feegranttestutil.NewMockBankKeeper(ctrl)
suite.bankKeeper.EXPECT().BlockedAddr(gomock.Any()).Return(false).AnyTimes()

suite.feegrantKeeper = keeper.NewKeeper(encCfg.Codec, key, suite.accountKeeper)
suite.feegrantKeeper = keeper.NewKeeper(encCfg.Codec, key, suite.accountKeeper).SetBankKeeper(suite.bankKeeper)
suite.ctx = testCtx.Ctx
suite.msgSrvr = keeper.NewMsgServerImpl(suite.feegrantKeeper)
suite.atom = sdk.NewCoins(sdk.NewCoin("atom", sdk.NewInt(555)))
Expand Down
2 changes: 1 addition & 1 deletion x/feegrant/module/module.go
Original file line number Diff line number Diff line change
Expand Up @@ -121,7 +121,7 @@ type AppModule struct {
func NewAppModule(cdc codec.Codec, ak feegrant.AccountKeeper, bk feegrant.BankKeeper, keeper keeper.Keeper, registry cdctypes.InterfaceRegistry) AppModule {
return AppModule{
AppModuleBasic: AppModuleBasic{cdc: cdc},
keeper: keeper,
keeper: keeper.SetBankKeeper(bk), // Super ugly hack to not be api breaking in v0.50 and v0.47,
accountKeeper: ak,
bankKeeper: bk,
registry: registry,
Expand Down
14 changes: 14 additions & 0 deletions x/feegrant/testutil/expected_keepers_mocks.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit b68da64

Please sign in to comment.