docs: add authz reference info in the circuit antehandler #20146
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
// If you copy this as reference and your app has the authz module enabled, you must either: | ||
// - recursively check for nested authz.Exec messages in this function. | ||
// - or error early if a nested authz grant is found. | ||
// The circuit AnteHandler handles this with baseapp's service router: https://github.com/cosmos/cosmos-sdk/issues/18632. |
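Review bot: The second option, "error early if a nested authz grant is found", names a grant where the first option names "nested authz.Exec messages"; a grant and an Exec are different authz messages, so someone copying this comment could end up checking for the wrong one. Suggest "or error early if a nested authz.Exec message is found". The last line also points to the issue for how the service router handles this without saying what it does; a short clause summarising the approach would let the comment stand on its own.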
This is true for all nested messages, though, not only authz.
Somewhat related (about nested authz messages): #19737
As julien mentioned, this isn't localised to authz only. We have chatted about this use case before and there were a few users. It's ugly, I agree.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> (cherry picked from commit 7ea0d40)
…20146) (#20155) Co-authored-by: Reece Williams <[email protected]>
Description
Ref: #18632 (comment)
Teams are using the circuit ante as reference to copy into their networks. If their network uses authz, there is a security issue right away for them w/ nested authz Exec bypasses if you don't recursively check or block like dydx does.
Maybe the SDK should disallow nested authz Execs anyways as a security precaution? Is there any actual reason to allow this? I can't think of a valid use case.
Summary by CodeRabbit
authz.Exec messages handling in the AnteHandle method.
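As an added example (not code from this PR or from the Cosmos SDK), the nested-message bypass described above and the two options named in the new comment, modelled in Go with stand-in types. `Msg`, `Leaf`, `Wrapper`, `TopLevelOnly`, `CheckMsgs` and the depth limits are hypothetical names, and the type URLs are used only as sample values.

```go
package main

import (
	"errors"
	"fmt"
)

// Msg is a simplified stand-in for sdk.Msg; only the type URL matters here.
type Msg interface{ TypeURL() string }

// Leaf models an ordinary message; Wrapper models one that carries other
// messages (authz Exec is one such wrapper, but the issue is not authz-specific).
type Leaf struct{ URL string }
type Wrapper struct {
	URL   string
	Inner []Msg
}

func (l Leaf) TypeURL() string    { return l.URL }
func (w Wrapper) TypeURL() string { return w.URL }

const (
	execURL = "/cosmos.authz.v1beta1.MsgExec" // sample values
	sendURL = "/cosmos.bank.v1beta1.MsgSend"
)

var ErrDisabled = errors.New("message type disabled by circuit breaker")
var ErrTooDeep = errors.New("message nesting exceeds limit")

// TopLevelOnly is the copied-reference pattern: inner messages are never inspected.
func TopLevelOnly(msgs []Msg, disabled map[string]bool) error {
	for _, m := range msgs {
		if disabled[m.TypeURL()] {
			return fmt.Errorf("%w: %s", ErrDisabled, m.TypeURL())
		}
	}
	return nil
}

// CheckMsgs walks wrappers recursively. A generous limit gives the
// "recursively check" option; limit 1 gives "error early on a nested wrapper",
// because a wrapper inside a wrapper would need depth 2.
func CheckMsgs(msgs []Msg, disabled map[string]bool, depth, limit int) error {
	if depth > limit {
		return ErrTooDeep
	}
	if err := TopLevelOnly(msgs, disabled); err != nil {
		return err
	}
	for _, m := range msgs {
		if w, ok := m.(Wrapper); ok {
			if err := CheckMsgs(w.Inner, disabled, depth+1, limit); err != nil {
				return err
			}
		}
	}
	return nil
}

func main() {
	disabled := map[string]bool{sendURL: true}
	// Constructed input: a disabled send wrapped in two levels of Exec.
	inner := Wrapper{URL: execURL, Inner: []Msg{Leaf{URL: sendURL}}}
	tx := []Msg{Wrapper{URL: execURL, Inner: []Msg{inner}}}
	fmt.Println("top-level only:", TopLevelOnly(tx, disabled))
	fmt.Println("recursive:     ", CheckMsgs(tx, disabled, 0, 3))
	fmt.Println("reject nested: ", CheckMsgs(tx, disabled, 0, 1))
}
```
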