Problem: no permissions system in cronos (#795)

CHANGELOG.md

@@ -13,6 +13,7 @@
 - [cronos#781](https://github.com/crypto-org-chain/cronos/pull/781) Add prune command.
 - [cronos#830](https://github.com/crypto-org-chain/cronos/pull/830) Upgrade gravity bridge for latest bugfixes, patching two important DOS vulnerabilities
 - [cronos#834](https://github.com/crypto-org-chain/cronos/pull/834) Remove unsafe experimental flag.
+- [cronos#795](https://github.com/crypto-org-chain/cronos/pull/795) Support permissions in cronos.
 
 ### Bug Fixes
 

app/ante/ante.go

@@ -0,0 +1,53 @@
+package ante
+
+import (
+	sdk "github.com/cosmos/cosmos-sdk/types"
+	sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
+	"github.com/crypto-org-chain/cronos/v2/x/cronos/keeper"
+	"github.com/crypto-org-chain/cronos/v2/x/cronos/types"
+	evmante "github.com/evmos/ethermint/app/ante"
+)
+
+// NewAnteHandler add additional logic on top of Ethermint's anteHandler
+func NewAnteHandler(options HandlerOptions) (sdk.AnteHandler, error) {
+	return func(
+		ctx sdk.Context, tx sdk.Tx, sim bool,
+	) (newCtx sdk.Context, err error) {
+		var anteHandler sdk.AnteHandler
+
+		defer evmante.Recover(ctx.Logger(), &err)
+
+		// Check msg authorization
+		for _, msg := range tx.GetMsgs() {
+			var permissionToCheck uint64
+			var accountToCheck sdk.AccAddress
+
+			switch v := msg.(type) {
+			case *types.MsgUpdateTokenMapping:
+				permissionToCheck = keeper.CanChangeTokenMapping
+				acc, err := sdk.AccAddressFromBech32(v.Sender)
+				if err != nil {
+					panic(err)
+				}
+				accountToCheck = acc
+			case *types.MsgTurnBridge:
+				permissionToCheck = keeper.CanTurnBridge
+				acc, err := sdk.AccAddressFromBech32(v.Sender)
+				if err != nil {
+					panic(err)
+				}
+				accountToCheck = acc
+			}
+
+			if !options.CronosKeeper.HasPermission(ctx, accountToCheck, permissionToCheck) {
+				return newCtx, sdkerrors.Wrap(sdkerrors.ErrInvalidAddress, "msg sender is unauthorized")
+			}
+		}
+
+		anteHandler, err = evmante.NewAnteHandler(options.EvmOptions)
+		if err != nil {
+			panic(err)
+		}
+		return anteHandler(ctx, tx, sim)
+	}, nil
+}

app/ante/handler_options.go

@@ -0,0 +1,12 @@
+package ante
+
+import (
+	evmante "github.com/evmos/ethermint/app/ante"
+)
+
+// HandlerOptions extend the ethermint's AnteHandler options by adding extra keeper necessary for
+// custom ante handler logics
+type HandlerOptions struct {
+	EvmOptions   evmante.HandlerOptions
+	CronosKeeper CronosKeeper
+}

app/ante/interface.go

@@ -0,0 +1,7 @@
+package ante
+
+import sdk "github.com/cosmos/cosmos-sdk/types"
+
+type CronosKeeper interface {
+	HasPermission(ctx sdk.Context, account sdk.AccAddress, permissionsToCheck uint64) bool
+}

app/app.go

@@ -7,6 +7,7 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/crypto-org-chain/cronos/v2/app/ante"
 	"github.com/crypto-org-chain/cronos/v2/x/cronos/middleware"
 	"golang.org/x/exp/slices"
 
@@ -755,7 +756,7 @@ func New(
 
 // use Ethermint's custom AnteHandler
 func (app *App) setAnteHandler(txConfig client.TxConfig, maxGasWanted uint64) {
-	anteHandler, err := evmante.NewAnteHandler(evmante.HandlerOptions{
+	evmOptions := evmante.HandlerOptions{
 		AccountKeeper:          app.AccountKeeper,
 		BankKeeper:             app.BankKeeper,
 		EvmKeeper:              app.EvmKeeper,
@@ -767,7 +768,13 @@ func (app *App) setAnteHandler(txConfig client.TxConfig, maxGasWanted uint64) {
 		MaxTxGasWanted:         maxGasWanted,
 		ExtensionOptionChecker: ethermint.HasDynamicFeeExtensionOption,
 		TxFeeChecker:           evmante.NewDynamicFeeChecker(app.EvmKeeper),
-	})
+	}
+	options := ante.HandlerOptions{
+		EvmOptions:   evmOptions,
+		CronosKeeper: app.CronosKeeper,
+	}
+
+	anteHandler, err := ante.NewAnteHandler(options)
 	if err != nil {
 		panic(err)
 	}