From 0eec3ca92cd409cb345e2c7a7b493314378ba114 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?colin=20axn=C3=A9r?= <25233464+colin-axner@users.noreply.github.com> Date: Thu, 3 Feb 2022 15:01:06 +0100 Subject: [PATCH] docs: add security model to ics27 docs (#841) ## Description Wording could maybe be improved, but I think the content is good enough closes: #705 --- Before we can merge this PR, please make sure that all the following items have been checked off. If any of the checklist items are not applicable, please leave them but write a little note why. - [ ] Targeted PR against correct branch (see [CONTRIBUTING.md](https://github.com/cosmos/ibc-go/blob/master/CONTRIBUTING.md#pr-targeting)) - [ ] Linked to Github issue with discussion and accepted design OR link to spec that describes this work. - [ ] Code follows the [module structure standards](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules/structure.md). - [ ] Wrote unit and integration [tests](https://github.com/cosmos/ibc-go/blob/master/CONTRIBUTING.md#testing) - [ ] Updated relevant documentation (`docs/`) or specification (`x//spec/`) - [ ] Added relevant `godoc` [comments](https://blog.golang.org/godoc-documenting-go-code). - [ ] Added a relevant changelog entry to the `Unreleased` section in `CHANGELOG.md` - [ ] Re-reviewed `Files changed` in the Github PR explorer - [ ] Review `Codecov Report` in the comment section below once CI passes (cherry picked from commit ec36c75e1a84abafedc797e8a60823ba7c4e762f) --- docs/app-modules/interchain-accounts/overview.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/app-modules/interchain-accounts/overview.md b/docs/app-modules/interchain-accounts/overview.md index ada5c74336e..dc015aaf1e3 100644 --- a/docs/app-modules/interchain-accounts/overview.md +++ b/docs/app-modules/interchain-accounts/overview.md @@ -29,4 +29,10 @@ Regular accounts use a private key to sign transactions on-chain. Interchain Acc `Interchain Account`: An account on a host chain. An interchain account has all the capabilities of a normal account. However, rather than signing transactions with a private key, a controller chain's authentication module will send IBC packets to the host chain which signals what transactions the interchain account should execute. +## SDK Security Model +SDK modules on a chain are assumed to be trustworthy. For example, there are no checks to prevent an untrustworthy module from accessing the bank keeper. + +The implementation of ICS27 on ibc-go uses this assumption in its security considerations. The implementation assumes the authentication module will not try to open channels on owner addresses it does not control. + +The implementation assumes other IBC application modules will not bind to ports within the ICS27 namespace.