Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(x/auth/vesting): Add BlockedAddr check in CreatePeriodicVestingAccount #19480

Merged
merged 3 commits into from
Feb 19, 2024
Merged

fix(x/auth/vesting): Add BlockedAddr check in CreatePeriodicVestingAccount #19480

merged 3 commits into from
Feb 19, 2024

Conversation

julienrbrt
Copy link
Member

@julienrbrt julienrbrt commented Feb 19, 2024
edited by tac0turtle
Loading

Description

Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

  • included the correct type prefix in the PR title
  • confirmed ! in the type prefix if API or client breaking change
  • targeted the correct branch (see PR Targeting)
  • provided a link to the relevant issue or specification
  • reviewed "Files changed" and left comments if necessary
  • included the necessary unit and integration tests
  • added a changelog entry to CHANGELOG.md
  • updated the relevant documentation or specification, including comments for documenting Go code
  • confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

  • confirmed the correct type prefix in the PR title
  • confirmed all author checklist items have been addressed
  • reviewed state machine logic, API design and naming, documentation is accurate, tests and test coverage

Summary by CodeRabbit

  • New Features

    • Added a security enhancement to prevent blocked addresses from receiving funds in the creation of periodic vesting accounts.

  • Tests

    • Introduced new test cases to verify the handling of blocked addresses during account creation.

@julienrbrt julienrbrt requested a review from a team as a code owner February 19, 2024 17:15
@github-actions GitHub Actions
Copy link
Contributor

@julienrbrt your pull request is missing a changelog!

@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Feb 19, 2024
edited
Loading

Walkthrough

Walkthrough

The recent update introduces a safeguard in the CreatePeriodicVestingAccount function within the msgServer, ensuring that funds are not sent to addresses blocked by the BankKeeper. This is achieved through a new validation step that checks the recipient's status. Additionally, the update extends test coverage to include scenarios involving the creation of vesting and permanently locked accounts for blocked addresses, thereby enhancing error handling and system integrity.

Changes

Files Change Summary
x/auth/vesting/msg_server.go Added a check to prevent creating vesting accounts for addresses blocked by the BankKeeper.
x/auth/vesting/msg_server_test.go Introduced tests for vesting and permanently locked accounts with blocked addresses, testing specific error responses.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit-tests for this file.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit tests for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository from git and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit tests.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • The JSON schema for the configuration file is available here.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.

coderabbitai[bot]
coderabbitai bot reviewed Feb 19, 2024
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review Status

Actionable comments generated: 0

Configuration used: .coderabbit.yml

Commits Files that changed from the base of the PR and between 72eae6d and 5a3c837.
Files selected for processing (2)
  • x/auth/vesting/msg_server.go (1 hunks)
  • x/auth/vesting/msg_server_test.go (4 hunks)
Additional comments: 6
x/auth/vesting/msg_server.go (2)
  • 197-199: The implementation correctly checks if the recipient address is blocked by the BankKeeper before allowing the creation of a PeriodicVestingAccount. This change aligns with the PR's objective to enhance security and compliance within the Cosmos SDK. The use of errorsmod.Wrapf to return a descriptive error message is appropriate and follows the Cosmos SDK's error handling conventions.
  • 194-203: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [1-436]

Overall, the changes made to the msg_server.go file are focused and directly address the PR's objectives without introducing any apparent side effects or deviations from the Cosmos SDK's coding standards. The rest of the file, including other account creation functions, remains consistent with the SDK's design principles, such as clear error handling, validation checks, and telemetry instrumentation.

x/auth/vesting/msg_server_test.go (4)
  • 139-153: The test case "create for blocked account" for CreateVestingAccount correctly verifies that an error is returned when attempting to create a vesting account for a blocked address. This test case is well-structured and effectively tests the new functionality. It's good to see that the expected error message is checked to ensure that the function behaves as intended when faced with a blocked address.
  • 253-267: The test case "create for blocked account" for CreatePermanentLockedAccount follows the same pattern as the previous test case and correctly asserts that creating a permanent locked account for a blocked address results in an error. This consistency in testing methodology across different account types is commendable and ensures comprehensive coverage of the new functionality.
  • 411-433: The test case "create for blocked address" for CreatePeriodicVestingAccount is particularly relevant to the PR's main objective. It effectively tests the new check by asserting that an attempt to create a periodic vesting account for a blocked address fails with the appropriate error message. This test case is crucial for validating the PR's changes and is implemented correctly.
  • 408-441: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [1-438]

Overall, the additions to the msg_server_test.go file provide sufficient test coverage for the changes associated with preventing blocked addresses from creating vesting accounts. The tests are well-organized, and the use of mock expectations for the BankKeeper's behavior is appropriate for isolating the functionality being tested. These tests are an essential part of the PR, ensuring that the new security and compliance feature works as intended.

@julienrbrt julienrbrt added this pull request to the merge queue Feb 19, 2024
Merged via the queue into main with commit c058502 Feb 19, 2024
62 of 65 checks passed
@julienrbrt julienrbrt deleted the advisory-fix-main branch February 19, 2024 21:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@testinginprod testinginprod testinginprod approved these changes

@tac0turtle tac0turtle tac0turtle approved these changes

Assignees
No one assigned
Labels
C:x/auth
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@julienrbrt @tac0turtle @testinginprod