diff --git a/x/authz/CHANGELOG.md b/x/authz/CHANGELOG.md
index 0f0802cb09..cf43756435 100644
--- a/x/authz/CHANGELOG.md
+++ b/x/authz/CHANGELOG.md
@@ -29,6 +29,7 @@ Ref: https://keepachangelog.com/en/1.0.0/
 * [#18737](https://github.com/cosmos/cosmos-sdk/pull/18737) Added a limit of 200 grants pruned per `BeginBlock` and the `PruneExpiredGrants` message that prunes 75 expired grants on every run.
 * [#20161](https://github.com/cosmos/cosmos-sdk/pull/20161) Added `RevokeAll` method to revoke all grants at once.
+* [#20687](https://github.com/cosmos/cosmos-sdk/pull/20687) Prevent user to grant authz MsgGrant to other accounts. Preventing user from accidentally authorizing their entire account to a different account.
 ### API Breaking Changes
diff --git a/x/authz/README.md b/x/authz/README.md
index e1da4fceee..1f703bd56f 100644
--- a/x/authz/README.md
+++ b/x/authz/README.md
@@ -143,6 +143,8 @@ In this section we describe the processing of messages for the authz module.
 An authorization grant is created using the `MsgGrant` message. If there is already a grant for the `(granter, grantee, Authorization)` triple, then the new grant overwrites the previous one. To update or extend an existing grant, a new grant with the same `(granter, grantee, Authorization)` triple should be created.
+An authorization grant for authz `MsgGrant` is not allowed and will return an error. This is for preventing user from accidentally authorizing their entire account to a different account.
+
 ```protobuf reference
 https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/tx.proto#L35-L45
 ```
diff --git a/x/authz/keeper/keeper_test.go b/x/authz/keeper/keeper_test.go
index a10c4289e7..35589d1fe9 100644
--- a/x/authz/keeper/keeper_test.go
+++ b/x/authz/keeper/keeper_test.go
@@ -80,6 +80,7 @@ func (s *TestSuite) SetupTest() {
 queryHelper := baseapp.NewQueryServerTestHelper(s.ctx, s.encCfg.InterfaceRegistry)
 authz.RegisterQueryServer(queryHelper, s.authzKeeper)
+ authz.RegisterMsgServer(s.baseApp.MsgServiceRouter(), s.authzKeeper)
 queryClient := authz.NewQueryClient(queryHelper)
 s.queryClient = queryClient
diff --git a/x/authz/keeper/msg_server.go b/x/authz/keeper/msg_server.go
index b7c0e7d664..1722a4f0bb 100644
--- a/x/authz/keeper/msg_server.go
+++ b/x/authz/keeper/msg_server.go
@@ -44,6 +44,12 @@ func (k Keeper) Grant(ctx context.Context, msg *authz.MsgGrant) (*authz.MsgGrant
 return nil, sdkerrors.ErrInvalidType.Wrapf("%s doesn't exist", t)
 }
+ // Disable granting other accounts with grant permission.
+ // Preventing user from accidentally authorizing their entire account to a different account.
+ if t == sdk.MsgTypeURL(&authz.MsgGrant{}) {
+ return nil, sdkerrors.ErrInvalidType.Wrap("authz msgGrant is not allowed")
+ }
+
 err = k.SaveGrant(ctx, grantee, granter, authorization, msg.Grant.Expiration)
 if err != nil {
 return nil, err
diff --git a/x/authz/keeper/msg_server_test.go b/x/authz/keeper/msg_server_test.go
index 6313f8a3f8..ccce5a6f09 100644
--- a/x/authz/keeper/msg_server_test.go
+++ b/x/authz/keeper/msg_server_test.go
@@ -199,6 +199,20 @@ func (suite *TestSuite) TestGrant() {
 }
 },
 },
+ {
+ name: "invalid grant with msg grant",
+ malleate: func() *authz.MsgGrant {
+ grant, err := authz.NewGrant(curBlockTime, authz.NewGenericAuthorization("/cosmos.authz.v1beta1.MsgGrant"), nil)
+ suite.Require().NoError(err)
+ return &authz.MsgGrant{
+ Granter: granterStrAddr,
+ Grantee: granteeStrAddr,
+ Grant: grant,
+ }
+ },
+ expErr: true,
+ errMsg: "authz msgGrant is not allowed",
+ },
 }
 for _, tc := range testCases {
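Review bot: The `authz.RegisterMsgServer(...)` call added to `SetupTest` in x/authz/keeper/keeper_test.go has no comment, and its purpose is not evident from the setup code. It presumably exists so that the MsgGrant type URL resolves in the message router, letting the new TestGrant case reach the MsgGrant guard instead of failing earlier with "doesn't exist". A comment such as `// register authz's own Msg service so a grant over MsgGrant passes the handler lookup and reaches the MsgGrant guard` would record that. `SetupTest` begins and ends outside this hunk.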
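Review bot: The guard in x/authz/keeper/msg_server.go sits in the `Grant` handler just before `k.SaveGrant`, so it rejects only new `MsgGrant` transactions. Any other path that calls `SaveGrant` directly, and any MsgGrant authorization already in state before this change, are not covered as far as this hunk shows. If no account should ever hold a grant over `MsgGrant`, consider enforcing the rule in `SaveGrant` and handling existing grants, or state the limit in the comment, e.g. `// Only new MsgGrant transactions are rejected; existing grants and direct SaveGrant callers are not checked here.` Separately, `ErrInvalidType` is also used for the "doesn't exist" case above, so callers cannot tell an unknown type from a forbidden one; `return nil, sdkerrors.ErrUnauthorized.Wrap("authz msgGrant is not allowed")` would separate the two while keeping the message text. `Grant` begins and ends outside the hunk.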
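Review bot: The new table case in x/authz/keeper/msg_server_test.go checks only `expErr` and the error text, so it does not show that nothing was stored for the granter/grantee pair after the rejection. The loop that runs the cases is outside this hunk, so any state check there cannot be seen. The case also exercises only `GenericAuthorization`, while the guard compares `t`, presumably the authorization's message type URL. A comment on the case such as `// any Authorization whose MsgTypeURL is MsgGrant must be rejected; GenericAuthorization is the representative case` would make the intended scope explicit.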