cosmos · crodriguezvega · Dec 14, 2023 · Nov 30, 2023 · Nov 30, 2023 · Nov 30, 2023
@@ -22,13 +22,16 @@ It takes:
 
 - an `AllowList` list that specifies the list of addresses that are allowed to receive funds. If this list is empty, then all addresses are allowed to receive funds from the `TransferAuthorization`.
 
+- an `AllowPacketDataList` list that specifies the list of memo that are allowed to send the packet. If this list is empty, then only allow empty memo packet (any other type of `memo` will be denied). If this list is `"*"`, then allow any type of `memo`
+
 Setting a `TransferAuthorization` is expected to fail if:
 
 - the spend limit is nil
 - the denomination of the spend limit is an invalid coin type
 - the source port ID is invalid
 - the source channel ID is invalid
 - there are duplicate entries in the `AllowList`
+- the packet `memo` not allowed by `AllowPacketDataList`
 
 Below is the `TransferAuthorization` message:
 
@@ -48,6 +51,9 @@ type Allocation struct {
   SpendLimit sdk.Coins  
   // allow list of receivers, an empty allow list permits any receiver address
   AllowList []string 
+  // allow list of packet data keys, an empty list.
+	// an empty list prohibits all packet data keys; a list only with "*" permits any packet data key
+	AllowPacketDataList []string 
 }
 
 ```
@@ -30,6 +30,9 @@ const (
 	// DenomPrefix is the prefix used for internal SDK coin representation.
 	DenomPrefix = "ibc"
 
+	// AllowAllPacketDataKeys holds the string key that allows all packet data keys in authz transfer messages
+	AllowAllPacketDataKeys = "*"
+
 	KeyTotalEscrowPrefix = "totalEscrowForDenom"
 
 	ParamsKey = "params"

@@ -2,7 +2,11 @@
 
 import (
 	"context"
+	"encoding/json"
+	fmt "fmt"
 	"math/big"
+	"slices"
+	"strings"
 
 	"github.com/cosmos/gogoproto/proto"
 
@@ -50,6 +54,15 @@
 			return authz.AcceptResponse{}, errorsmod.Wrap(ibcerrors.ErrInvalidAddress, "not allowed receiver address for transfer")
 		}
 
+		isAllowedPacket, err := areAllowedPacketDataKeys(sdk.UnwrapSDKContext(ctx), msgTransfer.Memo, allocation.AllowPacketDataList)
+		if err != nil {
+			return authz.AcceptResponse{}, err
+		}
+
+		if !isAllowedPacket {
+			return authz.AcceptResponse{}, errorsmod.Wrap(ibcerrors.ErrInvalidRequest, "not allowed packet data type for transfer")
+		}
+
 		// If the spend limit is set to the MaxUint256 sentinel value, do not subtract the amount from the spend limit.
 		if allocation.SpendLimit.AmountOf(msgTransfer.Token.Denom).Equal(UnboundedSpendLimit()) {
 			return authz.AcceptResponse{Accept: true, Delete: false, Updated: nil}, nil
@@ -145,6 +158,39 @@
 	return false
 }
 
+// areAllowedPacketDataKeys returns a boolean indicating if the memo is valid for transfer.
+func areAllowedPacketDataKeys(ctx sdk.Context, memo string, allowedPacketDataList []string) (bool, error) {
+	// if the allow list is empty, then the memo must be an empty string
+	if len(allowedPacketDataList) == 0 {
+		return len(strings.TrimSpace(memo)) == 0, nil
+	}
+
+	// if allowedPacketData have only 1 elements and it equal AllowAllPacketDataKeys
+	// then accept all the packet
+	if len(allowedPacketDataList) == 1 && allowedPacketDataList[0] == AllowAllPacketDataKeys {
+		return true, nil
+	}
+
+	// unmarshal memo
+	jsonObject := make(map[string]interface{})
+	err := json.Unmarshal([]byte(memo), &jsonObject)
+	if err != nil {
+		return false, err
+	}
+
+	gasCostPerIteration := ctx.KVGasConfig().IterNextCostFlat
+
+	for key := range jsonObject {
+		ctx.GasMeter().ConsumeGas(gasCostPerIteration, "transfer authorization")
+
+		if !slices.Contains(allowedPacketDataList, key) {
+			return false, fmt.Errorf("not allowed packet data key: %s", key)
+		}
+	}
+
+	return true, nil
+}
+
 // UnboundedSpendLimit returns the sentinel value that can be used
 // as the amount for a denomination's spend limit for which spend limit updating
 // should be disabled. Please note that using this sentinel value means that a grantee

@@ -101,6 +101,72 @@
 				suite.Require().Nil(res.Updated)
 			},
 		},
+		{
+			"success: empty allowedPacketDataList and empty memo",
+			func() {
+				allowedList := []string{}
+				transferAuthz.Allocations[0].AllowPacketDataList = allowedList
+			},
+			func(res authz.AcceptResponse, err error) {
+				suite.Require().NoError(err)
+
+				suite.Require().True(res.Accept)
+				suite.Require().True(res.Delete)
+				suite.Require().Nil(res.Updated)
+			},
+		},
+		{
+			"success: allowedPacketDataList allow any packet",
+			func() {
+				allowedList := []string{"*"}
+				transferAuthz.Allocations[0].AllowPacketDataList = allowedList
+				msgTransfer.Memo = `{"wasm":{"contract":"osmo1c3ljch9dfw5kf52nfwpxd2zmj2ese7agnx0p9tenkrryasrle5sqf3ftpg","msg":{"osmosis_swap":{"output_denom":"uosmo","slippage":{"twap":{"slippage_percentage":"20","window_seconds":10}},"receiver":"feeabs/feeabs1efd63aw40lxf3n4mhf7dzhjkr453axurwrhrrw","on_failed_delivery":"do_nothing"}}}}`
+			},
+			func(res authz.AcceptResponse, err error) {
+				suite.Require().NoError(err)
+
+				suite.Require().True(res.Accept)
+				suite.Require().True(res.Delete)
+				suite.Require().Nil(res.Updated)
+			},
+		},
+		{
+			"success: transfer memo allowed",
+			func() {
+				allowedList := []string{"wasm", "forward"}
+				transferAuthz.Allocations[0].AllowPacketDataList = allowedList
+				msgTransfer.Memo = `{"wasm":{"contract":"osmo1c3ljch9dfw5kf52nfwpxd2zmj2ese7agnx0p9tenkrryasrle5sqf3ftpg","msg":{"osmosis_swap":{"output_denom":"uosmo","slippage":{"twap":{"slippage_percentage":"20","window_seconds":10}},"receiver":"feeabs/feeabs1efd63aw40lxf3n4mhf7dzhjkr453axurwrhrrw","on_failed_delivery":"do_nothing"}}}}`
+			},
+			func(res authz.AcceptResponse, err error) {
+				suite.Require().NoError(err)
+
+				suite.Require().True(res.Accept)
+				suite.Require().True(res.Delete)
+				suite.Require().Nil(res.Updated)
+			},
+		},
+		{
+			"error: empty allowedPacketDataList but not empty memo",
+			func() {
+				allowedList := []string{}
+				transferAuthz.Allocations[0].AllowPacketDataList = allowedList
+				msgTransfer.Memo = `{"wasm":{"contract":"osmo1c3ljch9dfw5kf52nfwpxd2zmj2ese7agnx0p9tenkrryasrle5sqf3ftpg","msg":{"osmosis_swap":{"output_denom":"uosmo","slippage":{"twap":{"slippage_percentage":"20","window_seconds":10}},"receiver":"feeabs/feeabs1efd63aw40lxf3n4mhf7dzhjkr453axurwrhrrw","on_failed_delivery":"do_nothing"}}}}`
+			},
+			func(res authz.AcceptResponse, err error) {
+				suite.Require().Error(err)
+			},
+		},
+		{
+			"error: memo not allowed",
+			func() {
+				allowedList := []string{"forward"}
+				transferAuthz.Allocations[0].AllowPacketDataList = allowedList
+				msgTransfer.Memo = `{"wasm":{"contract":"osmo1c3ljch9dfw5kf52nfwpxd2zmj2ese7agnx0p9tenkrryasrle5sqf3ftpg","msg":{"osmosis_swap":{"output_denom":"uosmo","slippage":{"twap":{"slippage_percentage":"20","window_seconds":10}},"receiver":"feeabs/feeabs1efd63aw40lxf3n4mhf7dzhjkr453axurwrhrrw","on_failed_delivery":"do_nothing"}}}}`
+			},
+			func(res authz.AcceptResponse, err error) {
+				suite.Require().Error(err)
+			},
+		},
 		{
 			"test multiple coins does not overspend",
 			func() {

@@ -19,6 +19,9 @@ message Allocation {
       [(gogoproto.nullable) = false, (gogoproto.castrepeated) = "github.com/cosmos/cosmos-sdk/types.Coins"];
   // allow list of receivers, an empty allow list permits any receiver address
   repeated string allow_list = 4;
+  // allow list of packet data keys, an empty list.
+  // an empty list prohibits all packet data keys; a list only with "*" permits any packet data key
+  repeated string allow_packet_data_list = 5;
 }
 
 // TransferAuthorization allows the grantee to spend up to spend_limit coins from