bypass permissionless concentrated liquidity checks

proto/osmosis/concentrated-liquidity/params.proto

@@ -56,4 +56,11 @@ message Params {
   bool is_permissionless_pool_creation_enabled = 6
       [ (gogoproto.moretags) =
             "yaml:\"is_permissionless_pool_creation_enabled\"" ];
+
+  // unrestricted_pool_creator_whitelist is a list of addresses that are
+  // allowed to bypass restrictions on permissionless supercharged pool
+  // creation, like pool_creation_enabled, restricted quote assets, no
+  // double creation of pools, etc.
+  repeated string unrestricted_pool_creator_whitelist = 7
+      [ (gogoproto.moretags) = "yaml:\"unrestricted_pool_creator_whitelist\"" ];
 }

x/concentrated-liquidity/pool.go

@@ -44,16 +44,37 @@ func (k Keeper) InitializePool(ctx sdk.Context, poolI poolmanagertypes.PoolI, cr
 	quoteAsset := concentratedPool.GetToken1()
 	poolManagerParams := k.poolmanagerKeeper.GetParams(ctx)
 
-	if !k.validateTickSpacing(params, tickSpacing) {
-		return types.UnauthorizedTickSpacingError{ProvidedTickSpacing: tickSpacing, AuthorizedTickSpacings: params.AuthorizedTickSpacing}
+	bypassRestrictions := false
+
+	poolmanagerModuleAcc := k.accountKeeper.GetModuleAccount(ctx, poolmanagertypes.ModuleName).GetAddress()
+
+	// allow pool mananger module account to bypass restrictions (i.e. gov prop)
+	if creatorAddress.Equals(poolmanagerModuleAcc) {
+		bypassRestrictions = true
 	}
 
-	if !k.validateSpreadFactor(params, spreadFactor) {
-		return types.UnauthorizedSpreadFactorError{ProvidedSpreadFactor: spreadFactor, AuthorizedSpreadFactors: params.AuthorizedSpreadFactors}
+	// allow whitelisted pool creators to bypass restrictions
+	if !bypassRestrictions {
+		for _, addr := range params.UnrestrictedPoolCreatorWhitelist {
+			// okay to use MustAccAddressFromBech32 because already validated in params
+			if sdk.MustAccAddressFromBech32(addr).Equals(creatorAddress) {
+				bypassRestrictions = true
+			}
+		}
 	}
 
-	if !validateAuthorizedQuoteDenoms(quoteAsset, poolManagerParams.AuthorizedQuoteDenoms) {
-		return types.UnauthorizedQuoteDenomError{ProvidedQuoteDenom: quoteAsset, AuthorizedQuoteDenoms: poolManagerParams.AuthorizedQuoteDenoms}
+	if !bypassRestrictions {
+		if !k.validateTickSpacing(params, tickSpacing) {
+			return types.UnauthorizedTickSpacingError{ProvidedTickSpacing: tickSpacing, AuthorizedTickSpacings: params.AuthorizedTickSpacing}
+		}
+
+		if !k.validateSpreadFactor(params, spreadFactor) {
+			return types.UnauthorizedSpreadFactorError{ProvidedSpreadFactor: spreadFactor, AuthorizedSpreadFactors: params.AuthorizedSpreadFactors}
+		}
+
+		if !validateAuthorizedQuoteDenoms(quoteAsset, poolManagerParams.AuthorizedQuoteDenoms) {
+			return types.UnauthorizedQuoteDenomError{ProvidedQuoteDenom: quoteAsset, AuthorizedQuoteDenoms: poolManagerParams.AuthorizedQuoteDenoms}
+		}
 	}
 
 	if err := k.createSpreadRewardAccumulator(ctx, poolId); err != nil {

x/concentrated-liquidity/pool_test.go

@@ -40,12 +40,15 @@ func (s *KeeperTestSuite) TestInitializePool() {
 
 	validCreatorAddress := s.TestAccs[0]
 
+	poolmanagerModuleAccount := s.App.AccountKeeper.GetModuleAccount(s.Ctx, poolmanagertypes.ModuleName).GetAddress()
+
 	tests := []struct {
-		name                      string
-		poolI                     poolmanagertypes.PoolI
-		authorizedDenomsOverwrite []string
-		creatorAddress            sdk.AccAddress
-		expectedErr               error
+		name                             string
+		poolI                            poolmanagertypes.PoolI
+		authorizedDenomsOverwrite        []string
+		unrestrictedPoolCreatorWhitelist []string
+		creatorAddress                   sdk.AccAddress
+		expectedErr                      error
 	}{
 		{
 			name:           "Happy path",
@@ -79,6 +82,23 @@ func (s *KeeperTestSuite) TestInitializePool() {
 			creatorAddress:            validCreatorAddress,
 			expectedErr:               types.UnauthorizedQuoteDenomError{ProvidedQuoteDenom: USDC, AuthorizedQuoteDenoms: []string{"otherDenom"}},
 		},
+		{
+			name:                      "bypass check because poolmanager module account",
+			poolI:                     validPoolI,
+			authorizedDenomsOverwrite: []string{"otherDenom"},
+			// despite the quote denom not being authorized, will still
+			// pass because its coming from the poolmanager module account
+			creatorAddress: poolmanagerModuleAccount,
+		},
+		{
+			name:                      "bypass check because of whitelisted bypass",
+			poolI:                     validPoolI,
+			authorizedDenomsOverwrite: []string{"otherDenom"},
+			// despite the quote denom not being authorized, will still
+			// pass because its coming from a whitelisted pool creator
+			unrestrictedPoolCreatorWhitelist: []string{validCreatorAddress.String()},
+			creatorAddress:                   validCreatorAddress,
+		},
 	}
 
 	for _, test := range tests {
@@ -91,6 +111,16 @@ func (s *KeeperTestSuite) TestInitializePool() {
 				s.App.PoolManagerKeeper.SetParams(s.Ctx, params)
 			}
 
+			if len(test.unrestrictedPoolCreatorWhitelist) > 0 {
+				params := s.App.ConcentratedLiquidityKeeper.GetParams(s.Ctx)
+				params.UnrestrictedPoolCreatorWhitelist = test.unrestrictedPoolCreatorWhitelist
+				fmt.Println("setting")
+				fmt.Println(params.UnrestrictedPoolCreatorWhitelist)
+				s.App.ConcentratedLiquidityKeeper.SetParams(s.Ctx, params)
+				fmt.Println("getting")
+				fmt.Println(s.App.ConcentratedLiquidityKeeper.GetParams(s.Ctx).UnrestrictedPoolCreatorWhitelist)
+			}
+
 			s.setListenerMockOnConcentratedLiquidityKeeper()
 
 			// Method under test.

x/concentrated-liquidity/types/constants.go

@@ -56,5 +56,6 @@ var (
 	}
 	DefaultBalancerSharesDiscount = osmomath.MustNewDecFromStr("0.05")
 	// By default, we only authorize one nanosecond (one block) uptime as an option
-	DefaultAuthorizedUptimes = []time.Duration{time.Nanosecond}
+	DefaultAuthorizedUptimes                = []time.Duration{time.Nanosecond}
+	DefaultUnrestrictedPoolCreatorWhitelist = []string{}
 )

x/concentrated-liquidity/types/params.go

@@ -18,6 +18,7 @@ var (
 	KeyAuthorizedQuoteDenoms              = []byte("AuthorizedQuoteDenoms")
 	KeyAuthorizedUptimes                  = []byte("AuthorizedUptimes")
 	KeyIsPermisionlessPoolCreationEnabled = []byte("IsPermisionlessPoolCreationEnabled")
+	KeyUnrestrictedPoolCreatorWhitelist   = []byte("UnrestrictedPoolCreatorWhitelist")
 
 	_ paramtypes.ParamSet = &Params{}
 )
@@ -27,14 +28,15 @@ func ParamKeyTable() paramtypes.KeyTable {
 	return paramtypes.NewKeyTable().RegisterParamSet(&Params{})
 }
 
-func NewParams(authorizedTickSpacing []uint64, authorizedSpreadFactors []osmomath.Dec, discountRate osmomath.Dec, authorizedQuoteDenoms []string, authorizedUptimes []time.Duration, isPermissionlessPoolCreationEnabled bool) Params {
+func NewParams(authorizedTickSpacing []uint64, authorizedSpreadFactors []osmomath.Dec, discountRate osmomath.Dec, authorizedQuoteDenoms []string, authorizedUptimes []time.Duration, isPermissionlessPoolCreationEnabled bool, unrestrictedPoolCreatorWhitelist []string) Params {
 	return Params{
 		AuthorizedTickSpacing:               authorizedTickSpacing,
 		AuthorizedSpreadFactors:             authorizedSpreadFactors,
 		AuthorizedQuoteDenoms:               authorizedQuoteDenoms,
 		BalancerSharesRewardDiscount:        discountRate,
 		AuthorizedUptimes:                   authorizedUptimes,
 		IsPermissionlessPoolCreationEnabled: isPermissionlessPoolCreationEnabled,
+		UnrestrictedPoolCreatorWhitelist:    unrestrictedPoolCreatorWhitelist,
 	}
 }
 
@@ -52,6 +54,7 @@ func DefaultParams() Params {
 		BalancerSharesRewardDiscount:        DefaultBalancerSharesDiscount,
 		AuthorizedUptimes:                   DefaultAuthorizedUptimes,
 		IsPermissionlessPoolCreationEnabled: false,
+		UnrestrictedPoolCreatorWhitelist:    DefaultUnrestrictedPoolCreatorWhitelist,
 	}
 }
 
@@ -75,6 +78,9 @@ func (p Params) Validate() error {
 	if err := validateAuthorizedUptimes(p.AuthorizedUptimes); err != nil {
 		return err
 	}
+	if err := validateUnrestrictedPoolCreatorWhitelist(p.UnrestrictedPoolCreatorWhitelist); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -87,6 +93,7 @@ func (p *Params) ParamSetPairs() paramtypes.ParamSetPairs {
 		paramtypes.NewParamSetPair(KeyIsPermisionlessPoolCreationEnabled, &p.IsPermissionlessPoolCreationEnabled, validateIsPermissionLessPoolCreationEnabled),
 		paramtypes.NewParamSetPair(KeyDiscountRate, &p.BalancerSharesRewardDiscount, validateBalancerSharesDiscount),
 		paramtypes.NewParamSetPair(KeyAuthorizedUptimes, &p.AuthorizedUptimes, validateAuthorizedUptimes),
+		paramtypes.NewParamSetPair(KeyUnrestrictedPoolCreatorWhitelist, &p.UnrestrictedPoolCreatorWhitelist, validateUnrestrictedPoolCreatorWhitelist),
 	}
 }
 
@@ -235,3 +242,27 @@ func validateAuthorizedUptimes(i interface{}) error {
 
 	return nil
 }
+
+// validateUnrestrictedPoolCreatorWhitelist validates a slice of addresses
+// that are allowed to bypass the restrictions on permissionless pool creation
+//
+// Parameters:
+// - i: The parameter to validate.
+//
+// Returns:
+// - An error if any of the strings are not addresses
+func validateUnrestrictedPoolCreatorWhitelist(i interface{}) error {
+	whitelist, ok := i.([]string)
+
+	if !ok {
+		return fmt.Errorf("invalid parameter type: %T", i)
+	}
+
+	for _, a := range whitelist {
+		if _, err := sdk.AccAddressFromBech32(a); err != nil {
+			return fmt.Errorf("invalid address")
+		}
+	}
+
+	return nil
+}