imp: add extra validation to ica msgs (#8734)

* imp: add extra validation

* chore: lint

* imp: error msg

* test: fix tests

* docs: document the validation change

---------

Co-authored-by: Alex | Cosmos Labs <alex@cosmoslabs.io>
(cherry picked from commit 7574333)

# Conflicts:
#	docs/docs/02-apps/02-interchain-accounts/07-tx-encoding.md
#	modules/apps/27-interchain-accounts/host/keeper/relay_test.go

Author: srdtrk

docs/docs/02-apps/02-interchain-accounts/07-tx-encoding.md

@@ -0,0 +1,62 @@
+---
+title: Transaction Encoding
+sidebar_label: Transaction Encoding
+sidebar_position: 7
+slug: /apps/interchain-accounts/tx-encoding
+---
+
+# Transaction Encoding
+
+When orchestrating an interchain account transaction, which comprises multiple `sdk.Msg` objects represented as `Any` types, the transactions must be encoded as bytes within [`InterchainAccountPacketData`](https://github.com/cosmos/ibc-go/blob/v7.2.0/proto/ibc/applications/interchain_accounts/v1/packet.proto#L21-L26).
+
+```protobuf
+// InterchainAccountPacketData is comprised of a raw transaction, type of transaction and optional memo field.
+message InterchainAccountPacketData {
+  Type   type = 1;
+  bytes  data = 2;
+  string memo = 3;
+}
+```
+
+The `data` field must be encoded as a [`CosmosTx`](https://github.com/cosmos/ibc-go/blob/v7.2.0/proto/ibc/applications/interchain_accounts/v1/packet.proto#L28-L31).
+
+```protobuf
+// CosmosTx contains a list of sdk.Msg's. It should be used when sending transactions to an SDK host chain.
+message CosmosTx {
+  repeated google.protobuf.Any messages = 1;
+}
+```
+
+The encoding method for `CosmosTx` is determined during the channel handshake process. If the channel version [metadata's `encoding` field](https://github.com/cosmos/ibc-go/blob/v7.2.0/proto/ibc/applications/interchain_accounts/v1/metadata.proto#L22) is marked as `proto3`, then `CosmosTx` undergoes protobuf encoding. Conversely, if the field is set to `proto3json`, then [proto3 json](https://protobuf.dev/programming-guides/proto3/#json) encoding takes place, which generates a JSON representation of the protobuf message.
+
+## Protobuf Encoding
+
+Protobuf encoding serves as the standard encoding process for `CosmosTx`. This occurs if the channel handshake initiates with an empty channel version metadata or if the `encoding` field explicitly denotes `proto3`. In Golang, the protobuf encoding procedure utilizes the `proto.Marshal` function. Every protobuf autogenerated Golang type comes equipped with a `Marshal` method that can be employed to encode the message.
+
+## (Protobuf) JSON Encoding
+
+The proto3 JSON encoding presents an alternative encoding technique for `CosmosTx`. It is selected if the channel handshake begins with the channel version metadata `encoding` field labeled as `proto3json`. In Golang, the Proto3 canonical encoding in JSON is implemented by the `"github.com/cosmos/gogoproto/jsonpb"` package. Within Cosmos SDK, the `ProtoCodec` structure implements the `JSONCodec` interface, leveraging the `jsonpb` package. This method generates a JSON format as follows:
+
+```json
+{
+  "messages": [
+    {
+      "@type": "/cosmos.bank.v1beta1.MsgSend",
+      "from_address": "cosmos1...",
+      "to_address": "cosmos1...",
+      "amount": [
+        {
+          "denom": "uatom",
+          "amount": "1000000"
+        }
+      ]
+    }
+  ]
+}
+```
+
+Here, the `"messages"` array is populated with transactions. Each transaction is represented as a JSON object with the `@type` field denoting the transaction type and the remaining fields representing the transaction's attributes.
+
+:::warning
+When utilizing proto3 JSON encoding, we have extra validations to ensure the integrity of the encoded data. Specifically, after decoding the `CosmosTx` from JSON, we re-encode it back to JSON and compare it with the original input. If non-formatting discrepancies arise, an error is returned. This validation step ensures that the JSON representation remains consistent throughout the encoding and decoding processes. This additional check means that all optional fields must be explicitly set in the JSON input, all enums and integers must be represented as strings.
+:::

modules/apps/27-interchain-accounts/host/keeper/relay_test.go

@@ -555,7 +555,7 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 		expPass  bool
 	}{
 		{
-			"interchain account successfully executes an arbitrary message type using the * (allow all message types) param",
+			"success: interchain account successfully executes an arbitrary message type using the * (allow all message types) param",
 			func(icaAddress string) {
 				// Populate the gov keeper in advance with an active proposal
 				testProposal := &govtypes.TextProposal{
@@ -579,8 +579,9 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 						{
 							"@type": "/cosmos.gov.v1beta1.MsgVote",
 							"voter": "` + icaAddress + `",
-							"proposal_id": 1,
-							"option": 1
+							"proposal_id": "1",
+							"option": "VOTE_OPTION_YES",
+							"metadata": ""
 						}
 					]
 				}`)
@@ -599,7 +600,7 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 			true,
 		},
 		{
-			"interchain account successfully executes banktypes.MsgSend",
+			"success: interchain account successfully executes banktypes.MsgSend",
 			func(icaAddress string) {
 				msgBytes := []byte(`{
 					"messages": [
@@ -624,7 +625,11 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 			true,
 		},
 		{
+<<<<<<< HEAD
 			"interchain account successfully executes govtypes.MsgSubmitProposal",
+=======
+			"success: interchain account successfully executes govtypesv1.MsgSubmitProposal",
+>>>>>>> 7574333c (imp: add extra validation to ica msgs (#8734))
 			func(icaAddress string) {
 				msgBytes := []byte(`{
 					"messages": [
@@ -653,7 +658,11 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 			true,
 		},
 		{
+<<<<<<< HEAD
 			"interchain account successfully executes govtypes.MsgVote",
+=======
+			"success: interchain account successfully executes govtypesv1.MsgVote",
+>>>>>>> 7574333c (imp: add extra validation to ica msgs (#8734))
 			func(icaAddress string) {
 				// Populate the gov keeper in advance with an active proposal
 				testProposal := &govtypes.TextProposal{
@@ -677,8 +686,9 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 						{
 							"@type": "/cosmos.gov.v1beta1.MsgVote",
 							"voter": "` + icaAddress + `",
-							"proposal_id": 1,
-							"option": 1
+							"proposal_id": "1",
+							"option": "VOTE_OPTION_YES",
+							"metadata": ""
 						}
 					]
 				}`)
@@ -695,7 +705,11 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 			true,
 		},
 		{
+<<<<<<< HEAD
 			"interchain account successfully executes govtypes.MsgSubmitProposal, govtypes.MsgDeposit, and then govtypes.MsgVote sequentially",
+=======
+			"success: interchain account successfully executes govtypesv1.MsgSubmitProposal, govtypesv1.MsgDeposit, and then govtypesv1.MsgVote sequentially",
+>>>>>>> 7574333c (imp: add extra validation to ica msgs (#8734))
 			func(icaAddress string) {
 				msgBytes := []byte(`{
 					"messages": [
@@ -710,16 +724,22 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 							"proposer": "` + icaAddress + `"
 						},
 						{
+<<<<<<< HEAD
 							"@type": "/cosmos.gov.v1beta1.MsgDeposit",
 							"proposal_id": 1,
+=======
+							"@type": "/cosmos.gov.v1.MsgDeposit",
+							"proposal_id": "1",
+>>>>>>> 7574333c (imp: add extra validation to ica msgs (#8734))
 							"depositor": "` + icaAddress + `",
 							"amount": [{ "denom": "stake", "amount": "10000000" }]
 						},
 						{
 							"@type": "/cosmos.gov.v1beta1.MsgVote",
 							"voter": "` + icaAddress + `",
-							"proposal_id": 1,
-							"option": 1
+							"proposal_id": "1",
+							"option": "VOTE_OPTION_YES",
+							"metadata": ""
 						}
 					]
 				}`)
@@ -736,7 +756,7 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 			true,
 		},
 		{
-			"interchain account successfully executes transfertypes.MsgTransfer",
+			"success: interchain account successfully executes transfertypes.MsgTransfer",
 			func(icaAddress string) {
 				transferPath := ibctesting.NewTransferPath(suite.chainB, suite.chainC)
 
@@ -751,8 +771,17 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 							"token": { "denom": "stake", "amount": "100" },
 							"sender": "` + icaAddress + `",
 							"receiver": "cosmos15ulrf36d4wdtrtqzkgaan9ylwuhs7k7qz753uk",
+<<<<<<< HEAD
 							"timeout_height": { "revision_number": 1, "revision_height": 100 },
 							"timeout_timestamp": 0
+=======
+							"timeout_height": { "revision_number": "1", "revision_height": "100" },
+							"timeout_timestamp": "0",
+							"memo": "",
+							"encoding": "",
+							"use_aliasing": false
+							
+>>>>>>> 7574333c (imp: add extra validation to ica msgs (#8734))
 						}
 					]
 				}`)
@@ -769,7 +798,7 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 			true,
 		},
 		{
-			"unregistered sdk.Msg",
+			"failure: unregistered sdk.Msg",
 			func(icaAddress string) {
 				msgBytes := []byte(`{"messages":[{}]}`)
 				byteArrayString := strings.Join(strings.Fields(fmt.Sprint(msgBytes)), ",")
@@ -785,7 +814,7 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 			false,
 		},
 		{
-			"message type not allowed banktypes.MsgSend",
+			"failure: message type not allowed banktypes.MsgSend",
 			func(icaAddress string) {
 				msgBytes := []byte(`{
 					"messages": [
@@ -810,7 +839,7 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 			false,
 		},
 		{
-			"unauthorised: signer address is not the interchain account associated with the controller portID",
+			"failure: signer address is not the interchain account associated with the controller portID",
 			func(icaAddress string) {
 				msgBytes := []byte(`{
 					"messages": [
@@ -834,6 +863,113 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 			},
 			false,
 		},
+		{
+			"failure: missing optional metadata field",
+			func(icaAddress string) {
+				proposal, err := govtypesv1.NewProposal([]sdk.Msg{getTestProposalMessage()}, govtypesv1.DefaultStartingProposalID, s.chainA.GetContext().BlockTime(), s.chainA.GetContext().BlockTime(), "test proposal", "title", "Description", sdk.AccAddress(interchainAccountAddr), false)
+				s.Require().NoError(err)
+
+				err = s.chainB.GetSimApp().GovKeeper.SetProposal(s.chainB.GetContext(), proposal)
+				s.Require().NoError(err)
+				err = s.chainB.GetSimApp().GovKeeper.ActivateVotingPeriod(s.chainB.GetContext(), proposal)
+				s.Require().NoError(err)
+
+				msgBytes := []byte(`{
+					"messages": [
+						{
+							"@type": "/cosmos.gov.v1.MsgVote",
+							"voter": "` + icaAddress + `",
+							"proposal_id": "1",
+							"option": "VOTE_OPTION_YES"
+						}
+					]
+				}`)
+				// this is the way cosmwasm encodes byte arrays by default
+				// golang doesn't use this encoding by default, but it can still deserialize:
+				byteArrayString := strings.Join(strings.Fields(fmt.Sprint(msgBytes)), ",") //nolint:staticcheck
+
+				packetData = []byte(`{
+					"type": 1,
+					"data":` + byteArrayString + `
+				}`)
+
+				params := types.NewParams(true, []string{"*"})
+				s.chainB.GetSimApp().ICAHostKeeper.SetParams(s.chainB.GetContext(), params)
+			},
+			ibcerrors.ErrInvalidType,
+		},
+		{
+			"failure: alternative int representation of enum field",
+			func(icaAddress string) {
+				proposal, err := govtypesv1.NewProposal([]sdk.Msg{getTestProposalMessage()}, govtypesv1.DefaultStartingProposalID, s.chainA.GetContext().BlockTime(), s.chainA.GetContext().BlockTime(), "test proposal", "title", "Description", sdk.AccAddress(interchainAccountAddr), false)
+				s.Require().NoError(err)
+
+				err = s.chainB.GetSimApp().GovKeeper.SetProposal(s.chainB.GetContext(), proposal)
+				s.Require().NoError(err)
+				err = s.chainB.GetSimApp().GovKeeper.ActivateVotingPeriod(s.chainB.GetContext(), proposal)
+				s.Require().NoError(err)
+
+				msgBytes := []byte(`{
+					"messages": [
+						{
+							"@type": "/cosmos.gov.v1.MsgVote",
+							"voter": "` + icaAddress + `",
+							"proposal_id": "1",
+							"option": 1,
+							"metadata": ""
+						}
+					]
+				}`)
+				// this is the way cosmwasm encodes byte arrays by default
+				// golang doesn't use this encoding by default, but it can still deserialize:
+				byteArrayString := strings.Join(strings.Fields(fmt.Sprint(msgBytes)), ",") //nolint:staticcheck
+
+				packetData = []byte(`{
+					"type": 1,
+					"data":` + byteArrayString + `
+				}`)
+
+				params := types.NewParams(true, []string{"*"})
+				s.chainB.GetSimApp().ICAHostKeeper.SetParams(s.chainB.GetContext(), params)
+			},
+			ibcerrors.ErrInvalidType,
+		},
+		{
+			"failure: alternative integer field representation",
+			func(icaAddress string) {
+				proposal, err := govtypesv1.NewProposal([]sdk.Msg{getTestProposalMessage()}, govtypesv1.DefaultStartingProposalID, s.chainA.GetContext().BlockTime(), s.chainA.GetContext().BlockTime(), "test proposal", "title", "Description", sdk.AccAddress(interchainAccountAddr), false)
+				s.Require().NoError(err)
+
+				err = s.chainB.GetSimApp().GovKeeper.SetProposal(s.chainB.GetContext(), proposal)
+				s.Require().NoError(err)
+				err = s.chainB.GetSimApp().GovKeeper.ActivateVotingPeriod(s.chainB.GetContext(), proposal)
+				s.Require().NoError(err)
+
+				msgBytes := []byte(`{
+					"messages": [
+						{
+							"@type": "/cosmos.gov.v1.MsgVote",
+							"voter": "` + icaAddress + `",
+							"proposal_id": 1,
+							"option": "VOTE_OPTION_YES",
+							"metadata": ""
+						}
+					]
+				}`)
+				// this is the way cosmwasm encodes byte arrays by default
+				// golang doesn't use this encoding by default, but it can still deserialize:
+				byteArrayString := strings.Join(strings.Fields(fmt.Sprint(msgBytes)), ",") //nolint:staticcheck
+
+				packetData = []byte(`{
+					"type": 1,
+					"data":` + byteArrayString + `
+				}`)
+
+				params := types.NewParams(true, []string{"*"})
+				s.chainB.GetSimApp().ICAHostKeeper.SetParams(s.chainB.GetContext(), params)
+			},
+			ibcerrors.ErrInvalidType,
+		},
 	}
 
 	for _, tc := range testCases {

modules/apps/27-interchain-accounts/types/codec.go

@@ -1,6 +1,9 @@
 package types
 
 import (
+	"encoding/json"
+	"reflect"
+
 	"github.com/cosmos/gogoproto/proto"
 
 	errorsmod "cosmossdk.io/errors"
@@ -90,6 +93,15 @@ func DeserializeCosmosTx(cdc codec.Codec, data []byte, encoding string) ([]sdk.M
 		if err := cdc.UnmarshalJSON(data, &cosmosTx); err != nil {
 			return nil, errorsmod.Wrapf(ErrUnknownDataType, "cannot unmarshal CosmosTx with proto3 json")
 		}
+		reconstructedData, err := cdc.MarshalJSON(&cosmosTx)
+		if err != nil {
+			return nil, errorsmod.Wrapf(ibcerrors.ErrInvalidType, "cannot remarshal CosmosTx with proto3 json: %v", err)
+		}
+		if isEqual, err := equalJSON(data, reconstructedData); err != nil {
+			return nil, errorsmod.Wrapf(ibcerrors.ErrInvalidType, "cannot compare original and reconstructed JSON: %v", err)
+		} else if !isEqual {
+			return nil, errorsmod.Wrapf(ibcerrors.ErrInvalidType, "original and reconstructed JSON objects do not match, original: %s, reconstructed: %s", string(data), string(reconstructedData))
+		}
 	default:
 		return nil, errorsmod.Wrapf(ErrInvalidCodec, "unsupported encoding format %s", encoding)
 	}
@@ -107,3 +119,14 @@ func DeserializeCosmosTx(cdc codec.Codec, data []byte, encoding string) ([]sdk.M
 
 	return msgs, nil
 }
+
+func equalJSON(a, b []byte) (bool, error) {
+	var x, y any
+	if err := json.Unmarshal(a, &x); err != nil {
+		return false, err
+	}
+	if err := json.Unmarshal(b, &y); err != nil {
+		return false, err
+	}
+	return reflect.DeepEqual(x, y), nil
+}