From 311be37e90f8932d8754f53612732e87f9bb18ba Mon Sep 17 00:00:00 2001
From: Ethan Frey <ethanfrey@users.noreply.github.com>
Date: Thu, 4 Mar 2021 10:57:09 +0100
Subject: [PATCH] Add comment on tongue-in-check StealFunds message

---
 x/wasm/internal/keeper/keeper_test.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/x/wasm/internal/keeper/keeper_test.go b/x/wasm/internal/keeper/keeper_test.go
index 9f29763ff8..8afa6cd3f9 100644
--- a/x/wasm/internal/keeper/keeper_test.go
+++ b/x/wasm/internal/keeper/keeper_test.go
@@ -1026,6 +1026,14 @@ func TestMigrateWithDispatchedMessage(t *testing.T) {
 }
 
 type sudoMsg struct {
+	// This is a tongue-in-check demo command. This is not the intended purpose of Sudo.
+	// Here we show that some priviledged Go module can make a call that should never be exposed
+	// to end users (via Tx/Execute).
+	//
+	// The contract developer can choose to expose anything to sudo. This functionality is not a true
+	// backdoor (it can never be called by end users), but allows the developers of the native blockchain
+	// code to make special calls. This can also be used as an authentication mechanism, if you want to expose
+	// some callback that only can be triggered by some system module and not faked by external users.
 	StealFunds stealFundsMsg `json:"steal_funds"`
 }
 
@@ -1066,6 +1074,9 @@ func TestSudo(t *testing.T) {
 
 	// now the community wants to get paid via sudo
 	msg := sudoMsg{
+		// This is a tongue-in-check demo command. This is not the intended purpose of Sudo.
+		// Here we show that some priviledged Go module can make a call that should never be exposed
+		// to end users (via Tx/Execute).
 		StealFunds: stealFundsMsg{
 			Recipient: community.String(),
 			Amount:    wasmvmtypes.Coins{wasmvmtypes.NewCoin(76543, "denom")},