Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(transfer): validate forwarding memo in transfer authorization #6591

Merged
merged 3 commits into from
Jun 13, 2024
Merged

feat(transfer): validate forwarding memo in transfer authorization #6591

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f7bf4a3
feat(transfer): validate forwarding memo in transfer authorization
gjermundgaraba Jun 13, 2024
2849b27
Merge branch 'feat/ics20-v2-path-forwarding' into gjermund/6588-valid…
gjermundgaraba Jun 13, 2024
7b44d37
Merge branch 'feat/ics20-v2-path-forwarding' into gjermund/6588-valid…
gjermundgaraba Jun 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 7 additions & 2 deletions modules/apps/transfer/types/transfer_authorization.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,8 +58,13 @@ func (a TransferAuthorization) Accept(goCtx context.Context, msg proto.Message)
return authz.AcceptResponse{}, errorsmod.Wrap(ibcerrors.ErrInvalidAddress, "not allowed receiver address for transfer")
}

err := validateMemo(ctx, msgTransfer.Memo, a.Allocations[index].AllowedPacketData)
if err != nil {
memo := msgTransfer.Memo
// in the case of forwarded transfers, the actual memo is stored in the forwarding path until the final destination
if msgTransfer.Forwarding != nil && len(msgTransfer.Forwarding.Hops) > 0 {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looking at transfers validation I guess we could add similar helper as in Cian's recent PR and slightly tweak the validation in msg transfer to use it.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point. I'll have a look at it separately.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks! (or open an issue and let some external contributor pick it up if you want)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#6595

memo = msgTransfer.Forwarding.Memo
}

if err := validateMemo(ctx, memo, a.Allocations[index].AllowedPacketData); err != nil {
return authz.AcceptResponse{}, err
}

Expand Down
68 changes: 68 additions & 0 deletions modules/apps/transfer/types/transfer_authorization_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,21 @@ func (suite *TypesTestSuite) TestTransferAuthorizationAccept() {
suite.Require().Nil(res.Updated)
},
},
{
"success: empty AllowedPacketData and empty memo in forwarding path",
func() {
allowedList := []string{}
transferAuthz.Allocations[0].AllowedPacketData = allowedList
msgTransfer.Forwarding = types.NewForwarding("", validHop)
},
func(res authz.AcceptResponse, err error) {
suite.Require().NoError(err)

suite.Require().True(res.Accept)
suite.Require().True(res.Delete)
suite.Require().Nil(res.Updated)
},
},
{
"success: AllowedPacketData allows any packet",
func() {
Expand All @@ -114,6 +129,21 @@ func (suite *TypesTestSuite) TestTransferAuthorizationAccept() {
suite.Require().Nil(res.Updated)
},
},
{
"success: AllowedPacketData allows any packet in forwarding path",
func() {
allowedList := []string{"*"}
transferAuthz.Allocations[0].AllowedPacketData = allowedList
msgTransfer.Forwarding = types.NewForwarding(testMemo1, validHop)
},
func(res authz.AcceptResponse, err error) {
suite.Require().NoError(err)

suite.Require().True(res.Accept)
suite.Require().True(res.Delete)
suite.Require().Nil(res.Updated)
},
},
{
"success: transfer memo allowed",
func() {
Expand All @@ -129,6 +159,21 @@ func (suite *TypesTestSuite) TestTransferAuthorizationAccept() {
suite.Require().Nil(res.Updated)
},
},
{
"success: transfer memo allowed in forwarding path",
func() {
allowedList := []string{testMemo1, testMemo2}
transferAuthz.Allocations[0].AllowedPacketData = allowedList
msgTransfer.Forwarding = types.NewForwarding(testMemo1, validHop)
},
func(res authz.AcceptResponse, err error) {
suite.Require().NoError(err)

suite.Require().True(res.Accept)
suite.Require().True(res.Delete)
suite.Require().Nil(res.Updated)
},
},
{
"empty AllowedPacketData but not empty memo",
func() {
Expand All @@ -140,6 +185,17 @@ func (suite *TypesTestSuite) TestTransferAuthorizationAccept() {
suite.Require().Error(err)
},
},
{
"empty AllowedPacketData but not empty memo in forwarding path",
func() {
allowedList := []string{}
transferAuthz.Allocations[0].AllowedPacketData = allowedList
msgTransfer.Forwarding = types.NewForwarding(testMemo1, validHop)
},
func(res authz.AcceptResponse, err error) {
suite.Require().Error(err)
},
},
{
"memo not allowed",
func() {
Expand All @@ -152,6 +208,18 @@ func (suite *TypesTestSuite) TestTransferAuthorizationAccept() {
suite.Require().ErrorContains(err, fmt.Sprintf("not allowed memo: %s", testMemo2))
},
},
{
"memo not allowed in forwarding path",
func() {
allowedList := []string{testMemo1}
transferAuthz.Allocations[0].AllowedPacketData = allowedList
msgTransfer.Forwarding = types.NewForwarding(testMemo2, validHop)
},
func(res authz.AcceptResponse, err error) {
suite.Require().Error(err)
suite.Require().ErrorContains(err, fmt.Sprintf("not allowed memo: %s", testMemo2))
},
},
{
"test multiple coins does not overspend",
func() {
Expand Down
Loading