feat(x/authz): Disable authz grant message grant (#20687)

2024-06-25 15:59:18 +07:00 · 2024-06-25 15:59:18 +07:00 · 7f329c6506
commit 7f329c6506
parent e6dd027510
5 changed files with 24 additions and 0 deletions
--- a/x/authz/CHANGELOG.md
+++ b/x/authz/CHANGELOG.md
@ -29,6 +29,7 @@ Ref: https://keepachangelog.com/en/1.0.0/

 * [#18737](https://github.com/cosmos/cosmos-sdk/pull/18737) Added a limit of 200 grants pruned per `BeginBlock` and the `PruneExpiredGrants` message that prunes 75 expired grants on every run.
 * [#20161](https://github.com/cosmos/cosmos-sdk/pull/20161) Added `RevokeAll` method to revoke all grants at once.
+* [#20687](https://github.com/cosmos/cosmos-sdk/pull/20687) Prevent user to grant authz MsgGrant to other accounts. Preventing user from accidentally authorizing their entire account to a different account.

 ### API Breaking Changes

--- a/x/authz/README.md
+++ b/x/authz/README.md
@ -143,6 +143,8 @@ In this section we describe the processing of messages for the authz module.
 An authorization grant is created using the `MsgGrant` message.
 If there is already a grant for the `(granter, grantee, Authorization)` triple, then the new grant overwrites the previous one. To update or extend an existing grant, a new grant with the same `(granter, grantee, Authorization)` triple should be created.

+An authorization grant for authz `MsgGrant` is not allowed and will return an error. This is for preventing user from accidentally authorizing their entire account to a different account.
+
 ```protobuf reference
 https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/tx.proto#L35-L45
 ```
--- a/x/authz/keeper/keeper_test.go
+++ b/x/authz/keeper/keeper_test.go
@ -80,6 +80,7 @@ func (s *TestSuite) SetupTest() {

 	queryHelper := baseapp.NewQueryServerTestHelper(s.ctx, s.encCfg.InterfaceRegistry)
 	authz.RegisterQueryServer(queryHelper, s.authzKeeper)
+	authz.RegisterMsgServer(s.baseApp.MsgServiceRouter(), s.authzKeeper)
 	queryClient := authz.NewQueryClient(queryHelper)
 	s.queryClient = queryClient

--- a/x/authz/keeper/msg_server.go
+++ b/x/authz/keeper/msg_server.go
@ -44,6 +44,12 @@ func (k Keeper) Grant(ctx context.Context, msg *authz.MsgGrant) (*authz.MsgGrant
 		return nil, sdkerrors.ErrInvalidType.Wrapf("%s doesn't exist", t)
 	}

+	// Disable granting other accounts with grant permission.
+	// Preventing user from accidentally authorizing their entire account to a different account.
+	if t == sdk.MsgTypeURL(&authz.MsgGrant{}) {
+		return nil, sdkerrors.ErrInvalidType.Wrap("authz msgGrant is not allowed")
+	}
+
 	err = k.SaveGrant(ctx, grantee, granter, authorization, msg.Grant.Expiration)
 	if err != nil {
 		return nil, err
--- a/x/authz/keeper/msg_server_test.go
+++ b/x/authz/keeper/msg_server_test.go
@ -199,6 +199,20 @@ func (suite *TestSuite) TestGrant() {
 				}
 			},
 		},
+		{
+			name: "invalid grant with msg grant",
+			malleate: func() *authz.MsgGrant {
+				grant, err := authz.NewGrant(curBlockTime, authz.NewGenericAuthorization("/cosmos.authz.v1beta1.MsgGrant"), nil)
+				suite.Require().NoError(err)
+				return &authz.MsgGrant{
+					Granter: granterStrAddr,
+					Grantee: granteeStrAddr,
+					Grant:   grant,
+				}
+			},
+			expErr: true,
+			errMsg: "authz msgGrant is not allowed",
+		},
 	}

 	for _, tc := range testCases {