Update proto

[wangjiulian]

Summary by CodeRabbit

Release Notes

• New Features

  • Introduced new message types for liquidity management, including unilateral liquidity addition and removal.
  • Added functionality for querying farm pools, farmers, multi-token supplies, and NFT collections.
  • Enhanced NFT query capabilities with pagination and detailed responses.
  • Added new options for message signing in various transaction types.
  • Implemented new query options for total burned tokens.

• Improvements

  • Updated existing query methods to be safe for module queries.
  • Improved message signing options for various transactions, enhancing security.
  • Enhanced query functionalities for feeds and feed values in the oracle module.

• Bug Fixes

  • Resolved issues with message structures and added necessary fields for better data handling.

• Documentation

  • Updated proto files to reflect new options and imports for enhanced functionality.

[coderabbitai]

Walkthrough

The changes in this pull request encompass significant updates across multiple files related to the Cosmos SDK. Key modifications include the introduction of new message types for liquidity management, NFT queries, and token transactions. Additionally, several existing RPC methods have been enhanced with safety options for module queries. Import statements for new Cosmos SDK packages have been added to facilitate improved functionalities, particularly around message handling and query capabilities. Overall, the updates enhance the structure and functionality of the involved modules without altering existing core logic.

Changes

File Path	Change Summary
api/irismod/coinswap/tx.pulsar.go	Added new message types: MsgAddUnilateralLiquidity, MsgRemoveUnilateralLiquidity, MsgSwapOrder, and MsgUpdateParams. Updated existing message fields and descriptors.
api/irismod/farm/query.pulsar.go	Added new message types for farm queries and updated existing methods with getters and setters.
api/irismod/mt/query.pulsar.go	Introduced new message types for multi-token queries and updated existing balance query messages.
api/irismod/mt/tx.pulsar.go	Added import for cosmossdk.io/api/cosmos/msg/v1, no changes to existing message structures.
api/irismod/nft/query.pulsar.go	Added new query message types and pagination fields; updated existing message structures.
api/irismod/nft/tx.pulsar.go	Added imports for message handling and initialized message descriptors for NFT transactions.
api/irismod/oracle/query.pulsar.go	Added new message types for feed queries and updated existing structures with new fields.
api/irismod/oracle/tx.pulsar.go	Added import for message handling; no changes to existing message structures.
api/irismod/random/query.pulsar.go	Added import for query functionalities; no changes to existing message types.
api/irismod/random/tx.pulsar.go	Added import for message handling; no changes to existing message types.
api/irismod/record/query.pulsar.go	Added import for query functionalities; updated Record RPC method with safety option.
api/irismod/record/tx.pulsar.go	Added import for message handling; updated MsgCreateRecord with signer option.
api/irismod/token/v1beta1/query.pulsar.go	Added new message types for total burn queries and updated existing methods with safety options.
api/irismod/token/v1beta1/tx.pulsar.go	Added import for message handling; updated message types with signer options.
proto/irismod/coinswap/tx.proto	Added service option indicating the service is a Cosmos message service.
proto/irismod/farm/query.proto	Added import statement and updated RPC methods with safety options.
proto/irismod/mt/query.proto	Added import statement and updated RPC methods with safety options.
proto/irismod/mt/tx.proto	Added import statement and signer options for message types.
proto/irismod/nft/query.proto	Added import statement and updated RPC methods with safety options.
proto/irismod/nft/tx.proto	Added imports and signer options for message types.
proto/irismod/oracle/query.proto	Added import statement and updated RPC methods with safety options.
proto/irismod/oracle/tx.proto	Added import statement and signer options for message types.
proto/irismod/random/query.proto	Added import statement and updated RPC methods with safety options.
proto/irismod/random/tx.proto	Added import statement and signer option for MsgRequestRandom.
proto/irismod/record/query.proto	Added import statement and updated Record RPC method with safety option.
proto/irismod/record/tx.proto	Added import statement and signer option for MsgCreateRecord.
proto/irismod/token/v1beta1/query.proto	Added import statement and updated RPC methods with safety options.
proto/irismod/token/v1beta1/tx.proto	Added import statement and signer options for message types.
scripts/build/protobuf.mk	Updated Protobuf version from 0.13.0 to 0.14.0.

Poem

🐇 In the realm of code, we hop and play,
With messages new, we brighten the day.
Liquidity flows, and tokens align,
In the world of Cosmos, our changes shine!
So let’s celebrate, with a joyful cheer,
For every new feature that brings us near! 🌟

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (7)

proto/irismod/record/query.proto (1)

14-14: LGTM: Module query safety enhancement

The addition of module_query_safe option is a good practice that enhances the safety of module queries. This change aligns with similar updates across other proto files in the codebase, establishing a consistent pattern for query safety.

This enhancement helps ensure that the Record query is properly sandboxed and safe for module-level operations, which is particularly important for record-keeping functionality.

proto/irismod/record/tx.proto (1)

19-19: LGTM! Enhanced security with explicit signer declaration.

The addition of (cosmos.msg.v1.signer) = "creator" properly identifies the authorized signer for record creation transactions, improving security by making the authorization requirements explicit in the protocol definition.

This change is part of a good architectural pattern being implemented across the codebase to standardize message signing, making the system more secure and maintainable.

proto/irismod/random/query.proto (1)

7-24: Consider implementing pagination for queue queries

While the safety enhancements are good, consider implementing pagination for the RandomRequestQueue query to:

1. Improve scalability
2. Prevent potential DoS vectors
3. Align with Cosmos SDK best practices

This could be done by:

1. Adding cosmos-sdk pagination types
2. Updating the request/response messages to support pagination
3. Implementing pagination in the keeper

proto/irismod/oracle/tx.proto (1)

Line range hint 1-95: Consider documenting the message signing requirements

These changes are part of a broader improvement in message handling security. Consider adding comments in the proto file explaining the signing requirements and validation rules for each message type. This would help developers understand the security model better.

Example documentation to add above each message:

// MsgCreateFeed defines a feed creation message.
// The creator field must be a valid account address that will sign the transaction.
// The signer must have sufficient permissions to create feeds.

🧰 Tools

🪛 buf (1.45.0)

4-4: import "gogoproto/gogo.proto": file does not exist

(COMPILE)

proto/irismod/nft/tx.proto (1)

5-6: Remove unused import

The cosmos/query/v1/query.proto import appears to be unused in this file. Consider removing it to keep the imports clean and relevant.

-import "cosmos/query/v1/query.proto";

proto/irismod/farm/query.proto (1)

17-17: LGTM: Query safety options consistently applied

The module_query_safe option has been appropriately added to all RPC methods in the Query service. This enhancement:

• Improves safety by marking these queries as safe for module execution
• Maintains consistency with similar updates in other modules (mt, nft, oracle)
• Preserves existing HTTP endpoint configurations

These safety options help prevent potential DOS attacks by ensuring queries are properly bounded and resource-aware. Consider applying similar safety options to any new query methods added in the future.

Also applies to: 23-23, 29-29, 35-35

api/irismod/token/v1beta1/query.pulsar.go (1)

5088-5088: Typo in comment: Incorrect message name in QueryTotalBurnRequest

The comment incorrectly refers to QueryTokenRequest instead of QueryTotalBurnRequest.

Apply this diff to correct the comment:

-// QueryTokenRequest is request type for the Query/TotalBurn RPC method
+// QueryTotalBurnRequest is request type for the Query/TotalBurn RPC method

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between d76ae25 and 6888cde.

⛔ Files ignored due to path filters (14)

• modules/coinswap/types/tx.pb.go is excluded by !**/*.pb.go
• modules/farm/types/query.pb.go is excluded by !**/*.pb.go
• modules/mt/types/query.pb.go is excluded by !**/*.pb.go
• modules/mt/types/tx.pb.go is excluded by !**/*.pb.go
• modules/nft/types/query.pb.go is excluded by !**/*.pb.go
• modules/nft/types/tx.pb.go is excluded by !**/*.pb.go
• modules/oracle/types/query.pb.go is excluded by !**/*.pb.go
• modules/oracle/types/tx.pb.go is excluded by !**/*.pb.go
• modules/random/types/query.pb.go is excluded by !**/*.pb.go
• modules/random/types/tx.pb.go is excluded by !**/*.pb.go
• modules/record/types/query.pb.go is excluded by !**/*.pb.go
• modules/record/types/tx.pb.go is excluded by !**/*.pb.go
• modules/token/types/v1beta1/query.pb.go is excluded by !**/*.pb.go
• modules/token/types/v1beta1/tx.pb.go is excluded by !**/*.pb.go

📒 Files selected for processing (29)

• api/irismod/coinswap/tx.pulsar.go (2 hunks)
• api/irismod/farm/query.pulsar.go (2 hunks)
• api/irismod/mt/query.pulsar.go (2 hunks)
• api/irismod/mt/tx.pulsar.go (2 hunks)
• api/irismod/nft/query.pulsar.go (2 hunks)
• api/irismod/nft/tx.pulsar.go (2 hunks)
• api/irismod/oracle/query.pulsar.go (2 hunks)
• api/irismod/oracle/tx.pulsar.go (2 hunks)
• api/irismod/random/query.pulsar.go (2 hunks)
• api/irismod/random/tx.pulsar.go (2 hunks)
• api/irismod/record/query.pulsar.go (2 hunks)
• api/irismod/record/tx.pulsar.go (2 hunks)
• api/irismod/token/v1beta1/query.pulsar.go (2 hunks)
• api/irismod/token/v1beta1/tx.pulsar.go (2 hunks)
• proto/irismod/coinswap/tx.proto (1 hunks)
• proto/irismod/farm/query.proto (2 hunks)
• proto/irismod/mt/query.proto (1 hunks)
• proto/irismod/mt/tx.proto (7 hunks)
• proto/irismod/nft/query.proto (1 hunks)
• proto/irismod/nft/tx.proto (7 hunks)
• proto/irismod/oracle/query.proto (1 hunks)
• proto/irismod/oracle/tx.proto (5 hunks)
• proto/irismod/random/query.proto (1 hunks)
• proto/irismod/random/tx.proto (2 hunks)
• proto/irismod/record/query.proto (1 hunks)
• proto/irismod/record/tx.proto (2 hunks)
• proto/irismod/token/v1beta1/query.proto (2 hunks)
• proto/irismod/token/v1beta1/tx.proto (5 hunks)
• scripts/build/protobuf.mk (1 hunks)

✅ Files skipped from review due to trivial changes (7)

• api/irismod/mt/tx.pulsar.go
• api/irismod/oracle/tx.pulsar.go
• api/irismod/random/query.pulsar.go
• api/irismod/random/tx.pulsar.go
• api/irismod/record/tx.pulsar.go
• api/irismod/token/v1beta1/tx.pulsar.go
• scripts/build/protobuf.mk

🔇 Additional comments (55)

proto/irismod/record/query.proto (1)

6-6: LGTM: Import statement is correctly added

The new import for cosmos query is properly placed and necessary for the module query safe option.

proto/irismod/record/tx.proto (1)

6-6: LGTM! Required import for transaction signing.

The addition of cosmos/msg/v1/msg.proto import is necessary for the signer option and follows Cosmos SDK standards.

proto/irismod/random/tx.proto (2)

6-6: LGTM: Import statement correctly added

The import of cosmos/msg/v1/msg.proto is properly placed and necessary for the message signer functionality.

---

19-19: Verify consumer field usage and transaction signing flow

The addition of (cosmos.msg.v1.signer) = "consumer" designates the consumer field as the transaction signer. This is a security-critical change that affects message authorization.

Let's verify the consumer field usage:

Security considerations:

1. Ensure the consumer field is properly validated as an address
2. Verify that existing message handlers check signer authorization
3. Consider adding documentation about the signing requirements

✅ Verification successful

Let's search for more context about the message handling and validation. The previous commands failed due to file type restrictions, so we're using broader search patterns to understand the implementation details.

---

Based on the search results, I can verify that:

1. The consumer field is properly validated in the message handler (modules/random/types/msgs.go):

func (msg MsgRequestRandom) ValidateBasic() error {
    if _, err := sdk.AccAddressFromBech32(msg.Consumer); err != nil {
        return errorsmod.Wrapf(sdkerrors.ErrInvalidAddress, "invalid consumer address (%s)", err)
    }
    // ...
}

2. The consumer field is consistently used as the transaction signer (modules/random/types/msgs.go):

func (msg MsgRequestRandom) GetSigners() []sdk.AccAddress {
    consumer, err := sdk.AccAddressFromBech32(msg.Consumer)
    if err != nil {
        panic(err)
    }
    return []sdk.AccAddress{consumer}
}

3. The message handler properly processes the consumer field (modules/random/keeper/msg_server.go):

consumer, _ := sdk.AccAddressFromBech32(msg.Consumer)

Signer option aligns with implementation

The addition of (cosmos.msg.v1.signer) = "consumer" correctly reflects the existing implementation where the consumer field is used for transaction signing and validation.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for existing uses of MsgRequestRandom to ensure compatibility
rg -t proto "MsgRequestRandom" --glob "!proto/irismod/random/tx.proto"

# Look for any existing message handlers that process this message type
ast-grep --pattern 'func $_($$) MsgRequestRandom {
  $$$
}'

Length of output: 162

---

Script:

#!/bin/bash
# Search for MsgRequestRandom in all files
rg "MsgRequestRandom" -A 5

# Search for consumer field validation patterns
rg "consumer.*valid" -i

# Look for any message server implementations
rg "MsgServer" -A 5

# Find proto files that may reference this message
fd ".proto$" --exec grep -l "random"

Length of output: 101669

proto/irismod/random/query.proto (3)

7-7: LGTM: Import addition is appropriate

The addition of the cosmos query import is necessary to support the new module query safety options and follows proto3 conventions.

---

22-22: Verify safety and performance of queue retrieval

While marking this RPC as module_query_safe is consistent with the changes, consider:

1. Performance implications of retrieving the entire queue
2. Potential need for pagination to handle large queue sizes

Let's verify the implementation:

---

15-15: Verify safety implications of Random RPC

While marking this RPC as module_query_safe aligns with the broader safety enhancements, please verify that:

1. The Random query is truly read-only
2. It doesn't expose sensitive information
3. It's safe to be called by other modules

Let's verify the implementation:

✅ Verification successful

Random RPC is safe for module-level queries

Based on the implementation verification:

• The Random query is purely read-only, using only Get operations on the store
• It only retrieves already committed random values using request IDs
• No sensitive information is exposed - it only returns random values that were previously generated and stored
• The implementation is simple and contains proper input validation

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for the Random query implementation to verify its safety
ast-grep --pattern 'func (k Keeper) Random($$$) ($$$) {
  $$$
}'

# Check for any state modifications in the implementation
rg -A 5 "Random.*\(.*\).*{" 

Length of output: 1503

---

Script:

#!/bin/bash
# Let's verify the GetRandom implementation to ensure it's read-only
ast-grep --pattern 'func (k Keeper) GetRandom($$$) ($$$) {
  $$$
}'

# Check for any state modifications in the random module
rg -i "set.*random" -A 3

# Check if there are any privileged operations or sensitive data handling
rg -i "random.*private|private.*random" -A 3

Length of output: 7598

proto/irismod/token/v1beta1/tx.proto (4)

5-5: LGTM: Import addition is appropriate

The addition of cosmos/msg/v1/msg.proto import is necessary to support the new signer options and follows Cosmos SDK conventions.

---

48-48: LGTM: Correct signer specification for ownership transfer

The signer option appropriately requires the source owner's signature, ensuring secure token ownership transfers.

---

60-60: LGTM: Proper authorization requirement for token editing

The signer option correctly ensures that only the token owner can modify token properties.

---

31-31: LGTM: Appropriate signer specification for token issuance

The signer option correctly specifies that the "owner" field must be the transaction signer, which enforces proper authorization for token issuance.

✅ Verification successful

LGTM: Signer option correctly specified and consistent with other token operations

The signer option for MsgIssueToken is correctly implemented and aligns with the module's authorization pattern:

• MsgIssueToken, MsgEditToken, and MsgMintToken all use "owner" as the signer, ensuring only token owners can perform these privileged operations
• MsgTransferTokenOwner uses "src_owner" which is appropriate for ownership transfer
• MsgBurnToken doesn't specify a signer option as it allows any token holder to burn their tokens

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify consistent signer implementation across token-related messages
ast-grep --pattern 'message MsgIssueToken {
  option (cosmos.msg.v1.signer) = "owner";
  $$$
  string owner = $_;
}'

Length of output: 118

---

Script:

#!/bin/bash
# Let's first check the content of the proto file to understand the message structure
cat proto/irismod/token/v1beta1/tx.proto

# Then let's search for any other message definitions with signer options
rg "option \(cosmos\.msg\.v1\.signer\)" proto/irismod/token/v1beta1/

Length of output: 3406

proto/irismod/oracle/query.proto (2)

10-10: LGTM: Import addition is correct and necessary

The added import for cosmos query proto is required to support the module_query_safe options.

---

18-18: LGTM: Consistent application of module_query_safe option

The module_query_safe option has been correctly added to all RPC methods in the Query service, maintaining consistency across the module's query interface.

Let's verify this pattern is consistently applied across other query.proto files in the irismod package:

Also applies to: 24-24, 30-30

✅ Verification successful

Verification confirms consistent module_query_safe option usage across all irismod query services

The verification results show perfect consistency across all irismod query.proto files, where every RPC method has the module_query_safe option applied:

• coinswap: 3/3 methods
• farm: 4/4 methods
• htlc: 4/4 methods
• mt: 7/7 methods
• nft: 6/6 methods
• oracle: 3/3 methods
• random: 2/2 methods
• record: 1/1 methods
• service: 13/13 methods
• token/v1: 6/6 methods
• token/v1beta1: 5/5 methods

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for consistency of module_query_safe option across query.proto files

# Find all query.proto files in irismod and check for module_query_safe option
fd -e proto -p "query.proto$" | while read -r file; do
  echo "=== Checking $file ==="
  # Count total rpc methods
  total_rpc=$(rg "^[[:space:]]*rpc[[:space:]]" "$file" | wc -l)
  # Count methods with module_query_safe
  safe_rpc=$(rg "option.*module_query_safe.*=.*true" "$file" | wc -l)
  echo "Total RPC methods: $total_rpc"
  echo "Methods with module_query_safe: $safe_rpc"
done

Length of output: 4918

proto/irismod/mt/tx.proto (3)

5-5: LGTM: Import addition follows Cosmos SDK conventions

The addition of cosmos/msg/v1/msg.proto import is correct and necessary for the signer declarations.

---

33-33: LGTM: Consistent signer declarations across all messages

The addition of (cosmos.msg.v1.signer) = "sender" option to all message types follows Cosmos SDK's best practices for explicit signer declarations. The implementation is consistent across all message types.

Also applies to: 47-47, 59-59, 75-75, 89-89, 104-104

---

33-33: Verify sender field usage in message handlers

Let's ensure the message handlers correctly validate the sender field for these operations.

Also applies to: 47-47, 59-59, 75-75, 89-89, 104-104

✅ Verification successful

Let me generate additional scripts to check the message handlers and verify sender validation:

The first script will help identify message handlers in the mt module and how they use the sender field. The second script will look for any sender validation in the keeper implementation.

---

Let me check the message handler implementations to verify how the sender is validated:

This will help us see the complete message handler implementations to verify how sender authorization is handled after the basic address validation.

---

Let me try a different approach to find the message handlers:

This should help us find the message handler implementations and any authorization checks in the keeper.

---

Let me check one more thing to verify the authorization checks:

This will help us understand how the authorization is implemented in the keeper methods that are called by the message handlers.

---

Sender field validation is properly implemented

Based on the code analysis, the sender field is properly validated in multiple layers:

1. Message level validation through ValidateBasic() checks the sender address format
2. Message handlers properly parse and validate the sender address
3. The keeper's Authorize() method enforces ownership validation by checking if the sender matches the denom owner
4. Specific operations like TransferOwner validate balances and TransferDenomOwner checks authorization

The implementation follows a secure pattern where:

• Basic address validation occurs first
• Authorization checks are performed before any state changes
• Balance checks are done where required
• Proper error handling is implemented at each layer

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if message handlers properly validate the sender field

# Look for keeper methods handling these messages
ast-grep --pattern 'func (k Keeper) $_(ctx $_, msg *types.Msg$_) (*types.$_, error) {
  $$$
  msg.Sender
  $$$
}'

# Look for any existing authorization checks
rg -A 3 'ValidateBasic|validateSender' --type go

Length of output: 61892

---

Script:

#!/bin/bash
# Look for message handlers in mt module that handle these messages
ast-grep --pattern 'func (k Keeper) $_(ctx $_, msg *types.Msg$_) error {
  $$$
  msg.Sender
  $$$
}'

# Look for authorization checks in mt keeper
rg -A 3 'ValidateSender|GetSender|msg.Sender' modules/mt/keeper/

Length of output: 1697

---

Script:

#!/bin/bash
# Look for the full message handler implementations
rg -A 20 "func \(k Keeper\) IssueDenom|func \(k Keeper\) TransferMT|func \(k Keeper\) EditMT|func \(k Keeper\) MintMT|func \(k Keeper\) BurnMT|func \(k Keeper\) TransferDenom" modules/mt/keeper/msg_server.go

Length of output: 209

---

Script:

#!/bin/bash
# Look for message server implementations
rg -A 20 "func \(m msgServer\)" modules/mt/keeper/msg_server.go

# Also check for any authorization checks in the keeper
rg -A 5 "IsAuthorized|HasOwner|IsOwner" modules/mt/keeper/

Length of output: 3482

---

Script:

#!/bin/bash
# Look for the Authorize and authorization-related functions
rg -A 10 "func \(k Keeper\) Authorize|func \(k Keeper\) TransferOwner|func \(k Keeper\) TransferDenomOwner" modules/mt/keeper/

Length of output: 1976

proto/irismod/oracle/tx.proto (2)

6-6: LGTM! Import addition aligns with Cosmos SDK practices

The addition of cosmos/msg/v1/msg.proto import is appropriate for supporting explicit signer declarations in message definitions.

---

27-27: LGTM! Consistent signer declarations enhance security

The addition of (cosmos.msg.v1.signer) = "creator" to all message types follows best practices by explicitly declaring the required transaction signer. The pattern is consistently applied across all message types.

Let's verify that all messages requiring signing have been updated:

Also applies to: 57-57, 67-67, 77-77

✅ Verification successful

All oracle message types have the required signer option

Looking at the search results, all four oracle message types (MsgCreateFeed, MsgStartFeed, MsgPauseFeed, and MsgEditFeed) in proto/irismod/oracle/tx.proto have the (cosmos.msg.v1.signer) = "creator" option properly set. No other oracle-related message types were found that would require the signer option.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for any remaining message definitions in oracle-related protos that might need signer options
rg -U "message\s+Msg[^\{]+\{(?:(?!\}).)*creator.*?(?=\})" --type proto

Length of output: 349

---

Script:

#!/bin/bash
# Search for message definitions in oracle-related protos
rg --pcre2 'message\s+Msg[^\{]+\{[^}]*creator[^}]*\}' --type proto

Length of output: 98

---

Script:

#!/bin/bash
# Search for signer options in oracle-related protos
rg 'option \(cosmos\.msg\.v1\.signer\)' --type proto

Length of output: 84

---

Script:

#!/bin/bash
# List all Msg types in proto files
ast-grep --pattern 'message Msg$_'

Length of output: 36

---

Script:

#!/bin/bash
# Search for message definitions and signer options without file type restriction
rg 'message\s+Msg' proto/
rg 'option \(cosmos\.msg\.v1\.signer\)' proto/

Length of output: 13194

---

Script:

#!/bin/bash
# List all proto files in the repository
fd '\.proto$'

Length of output: 1927

proto/irismod/token/v1beta1/query.proto (2)

7-7: LGTM: Import addition is correct and necessary

The new import for cosmos query module is properly placed and required for the module_query_safe options being added to the RPC methods.

---

19-19: LGTM: Consistent application of module_query_safe option

The module_query_safe option has been correctly and consistently applied to all RPC methods in the Query service. This enhancement improves safety by explicitly marking these queries as safe for module execution.

Let's verify the consistency of this change across other query protos:

Also applies to: 24-24, 29-29, 34-34, 39-39

✅ Verification successful

Let me try a different approach to verify the consistency of module_query_safe option across query protos.

---

LGTM: Verified consistent application of module_query_safe option across all query protos

The verification shows that the module_query_safe option is consistently applied across all RPC methods in all query.proto files in the codebase, including:

• token/v1beta1/query.proto
• token/v1/query.proto
• mt/query.proto
• service/query.proto
• record/query.proto
• nft/query.proto
• htlc/query.proto
• oracle/query.proto
• coinswap/query.proto
• random/query.proto
• farm/query.proto

This confirms that the change is part of a comprehensive and consistent implementation across the entire codebase.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if module_query_safe is consistently applied across query protos
# Expected: All query RPCs should have the module_query_safe option

# Search for RPC definitions without module_query_safe in query.proto files
echo "Checking for RPCs without module_query_safe option..."
rg -t proto "rpc \w+\(" --files-with-matches | while read -r file; do
  if [[ $file == *"query.proto" ]]; then
    if ! grep -A 2 "rpc \w+\(" "$file" | grep -q "module_query_safe"; then
      echo "Warning: Found RPC without module_query_safe in $file"
      grep -A 2 "rpc \w+\(" "$file"
    fi
  fi
done

Length of output: 208

---

Script:

#!/bin/bash
# Search for all query.proto files and check their RPC definitions
echo "Searching for query.proto files..."
fd "query.proto$" --type f

echo -e "\nChecking RPC definitions in query.proto files..."
fd "query.proto$" --type f --exec sh -c '
    echo "\nFile: {}";
    echo "RPCs:";
    grep -A 2 "rpc " "{}"
'

Length of output: 11207

proto/irismod/nft/tx.proto (6)

55-55: LGTM: Proper signer designation for NFT transfer

The signer option correctly designates the 'sender' field as the authorized signer for NFT transfer operations.

---

73-73: LGTM: Proper signer designation for NFT editing

The signer option correctly designates the 'sender' field as the authorized signer for NFT modification operations.

---

90-90: LGTM: Proper signer designation for NFT minting

The signer option correctly designates the 'sender' field as the authorized signer for NFT minting operations.

---

108-108: LGTM: Proper signer designation for NFT burning

The signer option correctly designates the 'sender' field as the authorized signer for NFT burning operations.

---

34-34: LGTM: Proper signer designation for denom issuance

The signer option correctly designates the 'sender' field as the authorized signer for denom issuance operations.

✅ Verification successful

LGTM: Signer option correctly implemented and consistent

The verification confirms that:

• The MsgIssueDenom message properly designates "sender" as the signer, matching field R4R: Add a field "TokenURI" in MsgTransferNFT  #4 in the message definition
• This pattern is consistently used across related NFT and MT (Multi Token) messages
• The signer designation aligns with similar message patterns in other modules where "sender" is the transaction initiator

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify consistent signer field usage across related message types
ast-grep --pattern 'message Msg.*Denom {
  $$$
  string sender = $_;
  $$$
}'

Length of output: 79

---

Script:

#!/bin/bash
# Let's try a different approach to verify the message structure and signer option
rg -U "message Msg.*Denom \{[\s\S]*?\}" proto/

Length of output: 1914

---

Script:

#!/bin/bash
# Also check for all signer options in proto files to verify consistency
rg "option.*signer.*=.*" proto/

Length of output: 4977

---

Script:

#!/bin/bash
# Check for sender field usage in proto files
rg "string sender = \d+;" proto/

Length of output: 811

---

122-122: LGTM: Proper signer designation for denom transfer

The signer option correctly designates the 'sender' field as the authorized signer for denom transfer operations.

✅ Verification successful

The previous command might have failed due to the complex pattern. Let's try using ripgrep to search for message definitions with signer options in proto files. This will help us verify the consistency of signer implementations across message types.

---

Let's try searching specifically in the proto directory without relying on file type detection. This should help us verify the signer implementations across message types.

---

Let's examine the content of the specific proto file to verify the signer implementation in the context of all message definitions.

---

LGTM: Signer option implementation is consistent across all message types

The verification confirms that the cosmos.msg.v1.signer = "sender" option is properly implemented across all message types in the NFT module, including:

• MsgIssueDenom
• MsgTransferNFT
• MsgEditNFT
• MsgMintNFT
• MsgBurnNFT
• MsgTransferDenom

Each message type correctly designates the 'sender' field as the authorized signer, maintaining consistency throughout the protocol definition.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify consistent implementation of signer options across all message types
ast-grep --pattern 'message Msg.* {
  option \(cosmos\.msg\.v1\.signer\) = "sender";
  $$$
}'

Length of output: 95

---

Script:

#!/bin/bash
# Let's try a different approach to verify signer options in proto files
rg -U "message Msg.*?\{.*?signer.*?\}" --type proto

Length of output: 83

---

Script:

#!/bin/bash
# Search for message definitions and signer options in .proto files directly
rg -U "message Msg.*?\{.*?signer.*?\}" proto/

Length of output: 47

---

Script:

#!/bin/bash
# Let's try a simpler approach to find the content of tx.proto file
cat proto/irismod/nft/tx.proto

Length of output: 3798

proto/irismod/farm/query.proto (1)

6-6: LGTM: Import added for query safety options

The import statement is correctly placed and necessary for the module query safety features being added.

proto/irismod/mt/query.proto (3)

8-8: LGTM: Import addition is correct and necessary

The import of cosmos/query/v1/query.proto is required to support the module query safety options being added to the RPC methods.

---

16-52: LGTM: Consistent implementation of query safety options

The module_query_safe option has been consistently applied to all RPC methods in the Query service, maintaining a uniform safety standard across all query endpoints while preserving existing HTTP routing options.

---

16-16: Verify alignment with Cosmos SDK query safety standards

The addition of module_query_safe option to all query methods appears to be part of a broader safety enhancement. Let's verify this is aligned with Cosmos SDK standards.

Also applies to: 22-22, 28-28, 34-34, 40-40, 46-46, 52-52

✅ Verification successful

Query safety option is consistently implemented across modules

The verification shows that the module_query_safe option is widely and consistently used across all query RPCs in the irismod ecosystem:

• All query.proto files (coinswap, farm, htlc, mt, nft, oracle, random, record, service, token) implement this option
• The implementation is uniform with option (cosmos.query.v1.module_query_safe) = true
• This pattern is applied to all query methods within each module

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if other Cosmos SDK modules use similar query safety options
# Look for similar patterns in other proto files to confirm this is a standard practice

# Search for module_query_safe usage in other proto files
rg -l "module_query_safe" --type proto

# Check specific usage pattern
rg "option \(cosmos\.query\.v1\.module_query_safe\) = true" --type proto

Length of output: 173

---

Script:

#!/bin/bash
# Search for module_query_safe usage in proto files without relying on file type
rg -l "module_query_safe" "*.proto"

# Check specific usage pattern in proto files
rg "option.*module_query_safe.*true" "*.proto"

# List all proto files to verify if the search is working
find . -name "*.proto"

Length of output: 2227

---

Script:

#!/bin/bash
# Search for module_query_safe usage in all proto files using their actual paths
rg -l "module_query_safe" ./proto/irismod/

# Check specific usage pattern in all proto files under irismod
rg "option.*module_query_safe.*true" ./proto/irismod/

# Check query.proto files specifically for similar patterns
rg "option.*\(cosmos\.query\.v1\." ./proto/irismod/*/query.proto

Length of output: 9519

proto/irismod/nft/query.proto (2)

8-8: LGTM: Import addition is appropriate

The addition of the cosmos query import is necessary to support the new module query safety options.

---

16-16: LGTM: Consistent application of module query safety

The addition of module_query_safe option across all query methods follows best practices for Cosmos SDK module queries.

Let's verify if this is part of a broader migration pattern:

Also applies to: 22-22, 28-28, 34-34, 40-40, 46-46

✅ Verification successful

Module query safety option consistently applied across all query services

The verification confirms that the module_query_safe option is consistently applied across all query services in the codebase. All proto files containing query services (token, record, service, random, oracle, nft, mt, farm, htlc, coinswap) have implemented this safety feature, with no exceptions found. This indicates a complete and systematic migration pattern across all modules.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if other proto files follow the same pattern of adding module_query_safe

# Find all proto files and check for module_query_safe option
fd -e proto -x grep -l "module_query_safe" {} \;

# Check for query service definitions without module_query_safe
fd -e proto -x grep -l "service Query" {} \; | \
  xargs grep -L "module_query_safe" || echo "All Query services have module_query_safe"

Length of output: 521

proto/irismod/coinswap/tx.proto (1)

15-15: LGTM! Standard Cosmos SDK message service declaration.

The addition of option (cosmos.msg.v1.service) = true; follows Cosmos SDK best practices for message service definitions.

Let's verify this pattern is consistent with other module definitions:

✅ Verification successful

Consistent with module patterns across the codebase

The verification confirms that the option (cosmos.msg.v1.service) = true; declaration is consistently used across all Cosmos SDK module message services in the codebase, including token, service, farm, and htlc modules. This follows the standard pattern for Cosmos SDK message service definitions.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if other Cosmos SDK modules follow the same pattern
# Expected: Similar message service declarations in other proto files

# Search for similar message service declarations in other proto files
rg -U "service Msg \{[\s\S]*?option \(cosmos\.msg\.v1\.service\) = true;" proto/

Length of output: 659

api/irismod/record/query.pulsar.go (3)

5-5: LGTM: Import added for module query safety support.

The blank import of the cosmos query package is correctly added to support the module query safety feature.

---

966-995: LGTM: Generated protobuf descriptor data.

These changes are automatically generated from the protobuf definitions and correctly reflect the addition of module query safety options.

---

976-983: Verify module query safety configuration.

The Record RPC method has been configured with module query safety. Let's verify if this is consistently applied across all relevant query methods in the module.

api/irismod/nft/tx.pulsar.go (4)

5-6: LGTM: Required Cosmos SDK imports added

The added imports for message and query handling from the Cosmos SDK are appropriate and follow conventions.

---

7500-7630: LGTM: Well-structured NFT message definitions

The message definitions are well-structured with:

• Proper field descriptors for all NFT operations
• Appropriate response types for each message
• Correct sender field annotations for transaction signing

---

7591-7620: LGTM: Complete NFT service interface defined

The service interface provides a comprehensive set of NFT operations with:

• All essential NFT management methods
• Proper request/response type mappings
• Standard Cosmos SDK service patterns

---

Line range hint 1-4: Verify proto file generation

As this is a generated file, please ensure the proto definitions in proto/irismod/nft/tx.proto match these message definitions.

✅ Verification successful

Let me verify the proto definitions for the NFT module since the file under review is api/irismod/nft/tx.pulsar.go.

---

Let me try another approach to verify the proto definitions for the NFT module.

---

Let me search for the tx.proto file specifically for the NFT module.

---

Based on the verification of both the generated code in api/irismod/nft/tx.pulsar.go and the proto definition in tx.proto, I can now provide the final response:

Generated code correctly matches proto definitions

The generated Pulsar code in api/irismod/nft/tx.pulsar.go is correctly generated from the NFT module's tx.proto definitions. The imports and package declaration match the proto file's configuration, and the file contains the appropriate "DO NOT EDIT" header for generated code.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify proto definitions match generated code
# Check for proto file and its content
fd -t f "tx.proto" -x cat {}

Length of output: 48159

---

Script:

#!/bin/bash
# Check the content of the generated file
cat api/irismod/nft/tx.pulsar.go

Length of output: 131136

---

Script:

#!/bin/bash
# Search for NFT proto files in the repository
fd -t f "nft.*\.proto$" -x cat {}

Length of output: 1893

---

Script:

#!/bin/bash
# Search for NFT tx.proto file in the repository
fd -t f "tx.proto" | grep -i "nft" | xargs cat

Length of output: 3810

api/irismod/oracle/query.pulsar.go (2)

7-7: Verify the necessity of the added import

The import _ "cosmossdk.io/api/cosmos/query/v1" has been added for its side effects. Please ensure that this import is required and that its inclusion aligns with the project dependencies.

Run the following script to check for references to this package:

✅ Verification successful

Import is consistent with project-wide patterns

The import _ "cosmossdk.io/api/cosmos/query/v1" is consistently used across multiple query-related files in the project. It appears in 12 different .pulsar.go files within the api/irismod directory, indicating this is a deliberate and established pattern for query implementations in this codebase.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Search for usages of `cosmossdk.io/api/cosmos/query/v1` in the codebase.

rg '"cosmossdk\.io/api/cosmos/query/v1"'

Length of output: 913

---

4243-4349: Ensure generated code aligns with updated .proto files

The changes between lines 4243 and 4349 indicate updates to generated code, likely from the .proto definitions. Please verify that the corresponding .proto files have been updated and that the code generation tool is up-to-date.

Run the following script to list the modification dates of related .proto files:

Ensure that the .proto files reflect the latest definitions and regenerate the Go code if necessary.

✅ Verification successful

Let me search for proto files across the repository to understand the directory structure and locate the relevant files.

---

Let me try to locate the proto files first without using stat command, then we can examine their content to verify the changes.

---

Let me check the content of the oracle query proto file to verify if it matches with the generated code.

---

Generated code matches the proto definition

The binary data in the generated file api/irismod/oracle/query.pulsar.go correctly corresponds to the proto definition in proto/irismod/oracle/query.proto. The generated code includes all the message types (QueryFeedRequest, QueryFeedResponse, etc.) and service definitions exactly as specified in the proto file, including the correct field types, tags, and options.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: List `.proto` files in the `irismod/oracle` module and their last modification dates.

fd '.+\.proto$' irismod/oracle --exec stat --format '%y %n' {}

Length of output: 168

---

Script:

#!/bin/bash
# Let's try searching from the repository root for proto files
fd '.+\.proto$' --exec stat --format '%y %n' {}

Length of output: 2031

---

Script:

#!/bin/bash
# Let's first find proto files and then check their content
fd '.+\.proto$'

Length of output: 1929

---

Script:

#!/bin/bash
# Let's examine the oracle proto files content
cat proto/irismod/oracle/query.proto

Length of output: 3047

api/irismod/token/v1beta1/query.pulsar.go (1)

7-7: Addition of import "cosmossdk.io/api/cosmos/query/v1"

The added import is appropriate and necessary for the new message types and functionalities introduced.

api/irismod/farm/query.pulsar.go (1)

7-7: Import addition looks good

The addition of the import _ "cosmossdk.io/api/cosmos/query/v1" aligns with the integration of new query functionalities across the project.

api/irismod/nft/query.pulsar.go (6)

6-6: Approved: Addition of necessary import for query capabilities

The import _ "cosmossdk.io/api/cosmos/query/v1" is correctly added to support the new query functionalities, particularly the inclusion of pagination support in the NFT queries.

---

Line range hint 17-19: Approved: Initialization of message descriptors

The initialization of message descriptors for QuerySupplyRequest ensures that the fields denom_id and owner are correctly referenced, which is essential for accurate message handling.

---

Line range hint 364-389: Approved: QueryNFTsOfOwnerRequest includes pagination for efficient querying

The QueryNFTsOfOwnerRequest message now includes a Pagination field, enabling paginated responses which improve the efficiency and usability of owner NFT queries.

---

Line range hint 712-737: Approved: QueryCollectionRequest updated to support pagination

The QueryCollectionRequest struct now includes the Pagination field. This addition allows clients to request collections in a paginated manner, enhancing performance for large datasets.

---

Line range hint 1015-1040: Approved: Introduction of QueryDenomsRequest with pagination

The QueryDenomsRequest message is appropriately introduced with a Pagination field to support efficient querying of NFT denominations across the network.

---

Line range hint 1365-1390: Approved: QueryNFTRequest and QueryNFTResponse correctly include NFT details

The QueryNFTRequest and QueryNFTResponse messages are correctly defined to handle detailed NFT queries, allowing clients to retrieve specific NFT information effectively.

api/irismod/coinswap/tx.pulsar.go (4)

Line range hint 1-1: LGTM!

The package declaration and import statements look good.

---

Line range hint 5-5: LGTM!

The blank import of cosmossdk.io/api/cosmos/msg/v1 is correct for registering the Msg service.

---

Line range hint 12-12: LGTM!

The blank import of github.com/cosmos/gogoproto/gogoproto is correct for registering the gogo protobuf extensions.

---

Line range hint 1-1: Verify the proto file option is set correctly.

The proto file option option (cosmos.msg.v1.service) = true; needs to be set in the irismod/coinswap/tx.proto file to correctly register the Msg service. Please verify this option is present.

Run the following script to verify the proto file option:

✅ Verification successful

Proto file option is correctly set

The verification confirms that the required option option (cosmos.msg.v1.service) = true; is present in the proto/irismod/coinswap/tx.proto file.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the `option (cosmos.msg.v1.service) = true;` is set in tx.proto

# Test: Check if the option is present in tx.proto. Expect: Option found.
rg $'option \(cosmos\.msg\.v1\.service\) = true;' proto/irismod/coinswap/tx.proto

Length of output: 123

api/irismod/mt/query.pulsar.go (1)

6-6: Verify the usage of the new import across the codebase.

The new import cosmossdk.io/api/cosmos/query/v1 has been added, which aligns with similar updates in other files like api/irismod/farm/query.pulsar.go, api/irismod/oracle/query.pulsar.go, etc.

Ensure that the new functionalities provided by this import are being utilized correctly and consistently across the codebase.

Run the following script to verify the usage of the new import:

✅ Verification successful

Import usage is consistent across query files

The import cosmossdk.io/api/cosmos/query/v1 is consistently used as a blank import (_) across all relevant query files in the codebase, including farm, random, token, service, oracle, coinswap, htlc, nft, and record modules. This is a standard pattern for Protobuf-generated files in Cosmos SDK modules.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify usage of `cosmossdk.io/api/cosmos/query/v1` import.

# Test: Search for import statement. Expect: Import present in other relevant files.
rg $'cosmossdk.io/api/cosmos/query/v1' $(fd -e pulsar.go$)

Length of output: 930

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)

proto/irismod/random/tx.proto (1)

12-13: LGTM: Proper integration with Cosmos SDK message handling

The addition of cosmos.msg.v1.service option correctly identifies this as a Cosmos message service, enabling proper integration with the SDK's message handling infrastructure.

This change ensures the service follows the standard Cosmos SDK patterns for message handling and will be properly recognized by the SDK's runtime.

proto/irismod/oracle/tx.proto (1)

Line range hint 1-99: Architectural Enhancement: Improved Transaction Security

These changes strengthen the module's security model by:

1. Explicitly defining message signers
2. Integrating with Cosmos SDK's message handling framework
3. Maintaining consistency across all message types

This enhancement ensures proper transaction validation and authorization at the protocol level.

🧰 Tools

🪛 buf (1.45.0)

4-4: import "gogoproto/gogo.proto": file does not exist

(COMPILE)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 2f5afe5 and 1a2b2a3.

⛔ Files ignored due to path filters (6)

• modules/mt/types/tx.pb.go is excluded by !**/*.pb.go
• modules/nft/types/tx.pb.go is excluded by !**/*.pb.go
• modules/oracle/types/tx.pb.go is excluded by !**/*.pb.go
• modules/random/types/tx.pb.go is excluded by !**/*.pb.go
• modules/record/types/tx.pb.go is excluded by !**/*.pb.go
• modules/token/types/v1beta1/tx.pb.go is excluded by !**/*.pb.go

📒 Files selected for processing (12)

• api/irismod/mt/tx.pulsar.go (2 hunks)
• api/irismod/nft/tx.pulsar.go (2 hunks)
• api/irismod/oracle/tx.pulsar.go (2 hunks)
• api/irismod/random/tx.pulsar.go (2 hunks)
• api/irismod/record/tx.pulsar.go (2 hunks)
• api/irismod/token/v1beta1/tx.pulsar.go (2 hunks)
• proto/irismod/mt/tx.proto (7 hunks)
• proto/irismod/nft/tx.proto (7 hunks)
• proto/irismod/oracle/tx.proto (5 hunks)
• proto/irismod/random/tx.proto (1 hunks)
• proto/irismod/record/tx.proto (1 hunks)
• proto/irismod/token/v1beta1/tx.proto (6 hunks)

✅ Files skipped from review due to trivial changes (1)

• api/irismod/oracle/tx.pulsar.go

🚧 Files skipped from review as they are similar to previous changes (7)

• api/irismod/mt/tx.pulsar.go
• api/irismod/random/tx.pulsar.go
• api/irismod/record/tx.pulsar.go
• api/irismod/token/v1beta1/tx.pulsar.go
• proto/irismod/nft/tx.proto
• proto/irismod/record/tx.proto
• proto/irismod/token/v1beta1/tx.proto

🔇 Additional comments (10)

proto/irismod/random/tx.proto (2)

6-6: LGTM: Required import for Cosmos message options

The addition of the cosmos message import aligns with Cosmos SDK best practices and is necessary for the new message options.

---

21-21: Verify impact on existing message handling

The addition of the signer option correctly identifies the "consumer" field as the message signer, following Cosmos SDK patterns.

Let's verify that this change doesn't break existing message handling:

✅ Verification successful

Let me generate one more verification script to check the message handler implementation:

This will help us verify how the message is actually handled and if there are any existing authorization checks that could be impacted by the signer option addition.

---

Let me check one more thing - the actual message handler implementation in the keeper:

This will help us verify the actual business logic implementation and any existing authorization checks.

---

Let me try one final search with a broader pattern to find the keeper implementation:

This will help us locate the actual message handling implementation in the keeper package.

---

Let me check the actual implementation of the keeper's RequestRandom method:

This will show us how the request is handled and if there are any existing authorization checks that could be affected by the signer option.

---

Based on the verification results, I can now provide the final response:

Signer option addition is safe and consistent with implementation

The addition of (cosmos.msg.v1.signer) = "consumer" correctly aligns with the existing implementation:

• The message handler accepts the consumer as a parameter and converts it to an address
• The keeper's RequestRandom method uses this consumer address as the authorized party
• No conflicting authorization checks were found in the codebase
• The consumer field is already used as the primary actor in the transaction

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for existing message handling code that might be affected
rg -t go "MsgRequestRandom" -A 5

# Look for any existing custom authorization checks
ast-grep --pattern 'func $_(msg *MsgRequestRandom) $_ {
  $$$
}'

Length of output: 70358

---

Script:

#!/bin/bash
# Look for the message handler implementation
rg -t go "func.*RequestRandom.*context.Context.*MsgRequestRandom.*error" -A 10

Length of output: 3373

---

Script:

#!/bin/bash
# Look for the keeper implementation of RequestRandom
rg -t go "func.*keeper.*RequestRandom.*Context.*error" -A 10

Length of output: 62

---

Script:

#!/bin/bash
# Search for RequestRandom implementation in keeper
rg -t go "RequestRandom" modules/random/keeper/

Length of output: 802

---

Script:

#!/bin/bash
# Get the keeper's RequestRandom implementation
rg -t go "^func.*Keeper.*RequestRandom" modules/random/keeper/keeper.go -A 20

Length of output: 631

proto/irismod/mt/tx.proto (3)

5-5: LGTM: Import addition is appropriate

The addition of cosmos/msg/v1/msg.proto import is necessary to support the new message handling options and follows proper proto3 conventions.

---

11-11: LGTM: Service option follows Cosmos SDK standards

The addition of (cosmos.msg.v1.service) = true properly identifies this as a Cosmos SDK message service.

---

35-35: LGTM: Consistent signer declarations across all messages

The addition of (cosmos.msg.v1.signer) = "sender" to all message types properly identifies the signing field and follows Cosmos SDK authentication patterns. The implementation is consistent across all message types.

Let's verify that all message types have the corresponding sender field:

Also applies to: 49-49, 61-61, 77-77, 91-91, 106-106

✅ Verification successful

Verified: All message types correctly implement sender field with signer option

After reviewing the proto file content, I can confirm that all message types (MsgIssueDenom, MsgTransferDenom, MsgMintMT, MsgEditMT, MsgTransferMT, MsgBurnMT) have both:

• The option (cosmos.msg.v1.signer) = "sender" declaration
• A corresponding string sender field in their message definition

The implementation is consistent and follows the Cosmos SDK authentication patterns correctly.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify that all messages with signer option have a sender field
# Expected: Each message should have both the signer option and a sender field

# Search for messages with signer option and verify sender field
ast-grep --pattern 'message Msg$_ {
  option (cosmos.msg.v1.signer) = "sender";
  $$$
  string sender = $_;
  $$$
}'

Length of output: 118

---

Script:

#!/bin/bash
# Let's try a different approach to verify the sender fields
# First, let's check the content of the proto file
cat proto/irismod/mt/tx.proto

Length of output: 3185

proto/irismod/oracle/tx.proto (3)

6-6: LGTM: Import addition aligns with Cosmos SDK message signing framework

The addition of cosmos/msg/v1/msg.proto import is necessary for the message signing options and follows proper protobuf conventions.

---

12-12: LGTM: Service option enables Cosmos SDK message handling

The addition of (cosmos.msg.v1.service) = true properly integrates this service with the Cosmos SDK message handling framework.

---

29-29: LGTM: Consistent signer definitions enhance security

The addition of (cosmos.msg.v1.signer) = "creator" to all message types properly defines transaction authorization requirements. The signer field consistently matches the existing creator field in each message structure.

Let's verify that all messages requiring signing have been updated:

Also applies to: 59-59, 69-69, 79-79

✅ Verification successful

Verified: All message types requiring signing have proper signer options

After reviewing the complete tx.proto file, I can confirm that all message types that require signing (MsgCreateFeed, MsgStartFeed, MsgPauseFeed, and MsgEditFeed) have the correct (cosmos.msg.v1.signer) = "creator" option. The response messages (MsgCreateFeedResponse, MsgStartFeedResponse, MsgPauseFeedResponse, and MsgEditFeedResponse) don't require signer options as they are return types.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for any remaining message definitions in oracle module that might need signer options
ast-grep --pattern 'message Msg$$$Feed {
  $$$
}' proto/irismod/oracle/tx.proto

Length of output: 81

---

Script:

#!/bin/bash
# Let's try a different approach to find all message definitions in tx.proto
cat proto/irismod/oracle/tx.proto

Length of output: 3582

api/irismod/nft/tx.pulsar.go (2)

5-6: LGTM: Proper integration with Cosmos SDK messaging system

The added imports for Cosmos SDK API packages properly integrate the NFT module with the core Cosmos SDK messaging and query capabilities.

---

7500-7630: Verify message handling safety

The message definitions follow Cosmos SDK patterns and include proper validation. However, we should verify that all message handlers properly validate these fields before processing.

Consider adding the following safety measures:

1. Input validation for all string fields (id, name, uri etc.)
2. Access control checks in message handlers
3. Gas cost considerations for operations

✅ Verification successful

Based on the search results showing the message handlers in the NFT keeper and the extensive validation code found earlier, I can now generate the final response:

NFT message validation is properly implemented with multi-layer checks

The codebase implements proper validation through:

1. Message-level validation via ValidateBasic() that checks:

   • Valid addresses for sender/recipient
   • Valid denom ID format
   • Valid token ID format
   • Valid URI format
   • Valid JSON for metadata

2. Keeper-level validation that:

   • Verifies sender permissions
   • Validates state transitions
   • Checks existence of NFTs/denoms
   • Enforces ownership rules

The validation follows security best practices by:

• Validating all inputs before state changes
• Using standardized validation functions
• Implementing proper access control checks
• Following the principle of complete mediation

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for message handlers to verify field validation
ast-grep --pattern 'func (k Keeper) $_(ctx sdk.Context, msg *types.Msg$_) error {
  $$$
}'

Length of output: 92

---

Script:

#!/bin/bash
# Search for message handlers with different patterns to verify field validation
# Try multiple patterns since the first one didn't match

# Pattern 1: Look for keeper methods handling NFT messages
rg -l "func.*Keeper.*MsgIssueDenom|MsgTransferNFT|MsgEditNFT|MsgMintNFT|MsgBurnNFT|MsgTransferDenom" --type go

# Pattern 2: Look for validation code
rg "ValidateBasic|Validate.*" --type go -A 5

# Pattern 3: Look for specific keeper methods
ast-grep --pattern 'func (k *Keeper) $_(ctx $_, msg $_) $_ {
  $$$
}'

Length of output: 164423

---

Script:

#!/bin/bash
# Search for NFT message handlers in the keeper
rg -A 10 "func.*Keeper.*MsgIssueDenom|MsgTransferNFT|MsgEditNFT|MsgMintNFT|MsgBurnNFT|MsgTransferDenom" modules/nft/keeper/msg_server.go

# Look for validation checks in the NFT keeper
rg "ValidateDenomID|ValidateTokenID|ValidateTokenURI" modules/nft/keeper/

Length of output: 1990