Skip to content

Commit

Permalink
fix: adding check for blocked addresses before escrowing fees (backport
Browse files Browse the repository at this point in the history
#1890) (#1951)

* fix: adding check for blocked addresses before escrowing fees (#1890)

* fix: adding check for blocked addresses before escrowing fees

* refactor: move check below isLocked check

* refactor: use sdk error instead of fee error

* feat: adding check to RegisterPayee

* chore: format import

* refactor: remove dist module from unblocked addr

(cherry picked from commit 7694903)

* fix merge error

Co-authored-by: Sean King <seantking@users.noreply.github.com>
Co-authored-by: Carlos Rodriguez <crodveg@gmail.com>
  • Loading branch information
3 people authored Aug 10, 2022
1 parent c9894c9 commit 07d3f55
Show file tree
Hide file tree
Showing 3 changed files with 59 additions and 1 deletion.
27 changes: 27 additions & 0 deletions modules/apps/29-fee/keeper/msg_server.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,15 @@ var _ types.MsgServer = Keeper{}
func (k Keeper) RegisterPayee(goCtx context.Context, msg *types.MsgRegisterPayee) (*types.MsgRegisterPayeeResponse, error) {
ctx := sdk.UnwrapSDKContext(goCtx)

payee, err := sdk.AccAddressFromBech32(msg.Payee)
if err != nil {
return nil, err
}

if k.bankKeeper.BlockedAddr(payee) {
return nil, sdkerrors.Wrapf(sdkerrors.ErrUnauthorized, "%s is not authorized to be a payee", payee)
}

// only register payee address if the channel exists and is fee enabled
if _, found := k.channelKeeper.GetChannel(ctx, msg.PortId, msg.ChannelId); !found {
return nil, channeltypes.ErrChannelNotFound
Expand Down Expand Up @@ -78,6 +87,15 @@ func (k Keeper) PayPacketFee(goCtx context.Context, msg *types.MsgPayPacketFee)
return nil, types.ErrFeeModuleLocked
}

refundAcc, err := sdk.AccAddressFromBech32(msg.Signer)
if err != nil {
return nil, err
}

if k.bankKeeper.BlockedAddr(refundAcc) {
return nil, sdkerrors.Wrapf(sdkerrors.ErrUnauthorized, "%s is not allowed to escrow fees", refundAcc)
}

// get the next sequence
sequence, found := k.GetNextSequenceSend(ctx, msg.SourcePortId, msg.SourceChannelId)
if !found {
Expand Down Expand Up @@ -110,6 +128,15 @@ func (k Keeper) PayPacketFeeAsync(goCtx context.Context, msg *types.MsgPayPacket
return nil, types.ErrFeeModuleLocked
}

refundAcc, err := sdk.AccAddressFromBech32(msg.PacketFee.RefundAddress)
if err != nil {
return nil, err
}

if k.bankKeeper.BlockedAddr(refundAcc) {
return nil, sdkerrors.Wrapf(sdkerrors.ErrUnauthorized, "%s is not allowed to escrow fees", refundAcc)
}

nextSeqSend, found := k.GetNextSequenceSend(ctx, msg.PacketId.PortId, msg.PacketId.ChannelId)
if !found {
return nil, sdkerrors.Wrapf(channeltypes.ErrSequenceSendNotFound, "channel does not exist, portID: %s, channelID: %s", msg.PacketId.PortId, msg.PacketId.ChannelId)
Expand Down
31 changes: 31 additions & 0 deletions modules/apps/29-fee/keeper/msg_server_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
sdk "github.com/cosmos/cosmos-sdk/types"

"github.com/cosmos/ibc-go/v5/modules/apps/29-fee/types"
transfertypes "github.com/cosmos/ibc-go/v5/modules/apps/transfer/types"
clienttypes "github.com/cosmos/ibc-go/v5/modules/core/02-client/types"
channeltypes "github.com/cosmos/ibc-go/v5/modules/core/04-channel/types"
ibctesting "github.com/cosmos/ibc-go/v5/testing"
Expand Down Expand Up @@ -37,6 +38,20 @@ func (suite *KeeperTestSuite) TestRegisterPayee() {
suite.chainA.GetSimApp().IBCFeeKeeper.DeleteFeeEnabled(suite.chainA.GetContext(), suite.path.EndpointA.ChannelConfig.PortID, suite.path.EndpointA.ChannelID)
},
},
{
"given payee is not an sdk address",
false,
func() {
msg.Payee = "invalid-addr"
},
},
{
"payee is a blocked address",
false,
func() {
msg.Payee = suite.chainA.GetSimApp().AccountKeeper.GetModuleAddress(transfertypes.ModuleName).String()
},
},
}

for _, tc := range testCases {
Expand Down Expand Up @@ -220,6 +235,14 @@ func (suite *KeeperTestSuite) TestPayPacketFee() {
},
false,
},
{
"refund account is a blocked address",
func() {
blockedAddr := suite.chainA.GetSimApp().AccountKeeper.GetModuleAccount(suite.chainA.GetContext(), transfertypes.ModuleName).GetAddress()
msg.Signer = blockedAddr.String()
},
false,
},
{
"acknowledgement fee balance not found",
func() {
Expand Down Expand Up @@ -399,6 +422,14 @@ func (suite *KeeperTestSuite) TestPayPacketFeeAsync() {
},
false,
},
{
"refund account is a blocked address",
func() {
blockedAddr := suite.chainA.GetSimApp().AccountKeeper.GetModuleAccount(suite.chainA.GetContext(), transfertypes.ModuleName).GetAddress()
msg.PacketFee.RefundAddress = blockedAddr.String()
},
false,
},
{
"acknowledgement fee balance not found",
func() {
Expand Down
2 changes: 1 addition & 1 deletion testing/simapp/app.go
Original file line number Diff line number Diff line change
Expand Up @@ -672,7 +672,7 @@ func (app *SimApp) LoadHeight(height int64) error {
func (app *SimApp) ModuleAccountAddrs() map[string]bool {
modAccAddrs := make(map[string]bool)
for acc := range maccPerms {
// do not add mock module to blocked addresses
// do not add the following modules to blocked addresses
// this is only used for testing
if acc == ibcmock.ModuleName {
continue
Expand Down

0 comments on commit 07d3f55

Please sign in to comment.