Contract authz - redesign

[alpe]

Part of #803 - server side

Based on the great work started by @giansalex in #966

This PR includes a new and more extendable model than #978 . A contract execution or migration grant has:

# Supported "limits" - that are stateful and restrict the number of executions

• max calls
• max token transferred
• max calls + max token transferred

# Supported "filters" - that check if the submitted message is allowed

• json object key name
• any payload wild card
• byte equal payload (not messing with json in this iteration)

Not implemented, to discuss

• CLI - the server sides supports one to many grants for a contract but this would be hell for the CLI
• Additional gas costs - beside storage there are no extra gas costs on setup, see: x/authz pruning and gas cosmos/cosmos-sdk#8311 (comment)

[ethanfrey]

Great stuff. I think these limits and filters are a very good start.
There have been requests for more power, but those shouldn't be needed in v0.30.

Important for me is that the protobuf schema is built to be extensible to possibly add options features later in a backwards compatible way. Not sure if we need some version field or such for this? But then we can keep from feature creep but allow for more power later

[kakucodes]

Looking through this I'm unclear if it's possible to make a grant without either a call or coin limit which i think is important functionality to have.
https://github.com/CosmWasm/wasmd/pull/1077/files#diff-bc6731d23885842c30d0e91892b85312fcc8cc2bb8830b2a4488346929c8ccc9R39

[alpe]

Thanks for the feedback

@ethanfrey With the interfaces new functionality can be added easily. Can you elaborate on some of the advanced use cases, please?

@kakucodes

... if it's possible to make a grant without either a call or coin limit which i think is important functionality to have.

A call limit of 2^64 is almost infinite. I have removed the infinite declarations to reduce complexity. Can you elaborate on your use case, please?

[kakucodes]

Thanks for the feedback

@ethanfrey With the interfaces new functionality can be added easily. Can you elaborate on some of the advanced use cases, please?

@kakucodes

... if it's possible to make a grant without either a call or coin limit which i think is important functionality to have.

A call limit of 2^64 is almost infinite. I have removed the infinite declarations to reduce complexity. Can you elaborate on your use case, please?

This is a totally fair rationale, thank you for the explanation.
Typically for Yieldmos we request a grant with unlimited access to funds and work mainly off the expiration date. I see no reason why this would be any different now with the ContractExecutionAuthorization.

[ethanfrey]

First off, I think this currently solves the issues as requested in #803 (comment) perfectly. You can provide some account access to call "foo" and "bar" on address X as well as "baz" on address Y, right?

[ethanfrey]

@ethanfrey With the interfaces new functionality can be added easily. Can you elaborate on some of the advanced use cases, please?

My first two thoughts of an advanced use-cases would be:

• funds limits, but using cw20 rather than native (this can actually be handled via allowance already in cw20-base)
• define partial payloads. like {"vote": {"proposal": 47}} but not specifying yes or no (to sell one vote). or withdrawing to a fixed recipient but arbitrary amount. This falls between "specifying the method name" and "specifying exact bytes".

I am not sure these have many real world use cases, and the second one definitely brings up a huge design issue to do safely and clearly and I would not consider this for v0.30 or even v0.31

Anyway, just some food for thought on where this might grow next year and glad there is an extension point for this

[codecov]

Codecov Report

Merging #1077 (cc8d9bd) into main (bfb4bc0) will increase coverage by 0.88%.
The diff coverage is 76.81%.

@@            Coverage Diff             @@
##             main    #1077      +/-   ##
==========================================
+ Coverage   59.22%   60.10%   +0.88%     
==========================================
  Files          53       54       +1     
  Lines        6732     7061     +329     
==========================================
+ Hits         3987     4244     +257     
- Misses       2451     2516      +65     
- Partials      294      301       +7     

Impacted Files	Coverage Δ
app/test_helpers.go	0.80% <ø> (+0.01%)	⬆️
x/wasm/client/cli/tx.go	28.15% <0.00%> (-4.48%)	⬇️
x/wasm/types/errors.go	0.00% <ø> (ø)
x/wasm/types/authz.go	83.39% <83.39%> (ø)
x/wasm/types/codec.go	100.00% <100.00%> (ø)
x/wasm/types/json_matching.go	92.85% <100.00%> (ø)
x/wasm/types/tx.go	48.76% <100.00%> (+4.85%)	⬆️

[pinosu]

Excellent work! 🥇