feat: added ante handlers changes

Author: 0xNilesh

app/ante/ante.go

@@ -0,0 +1,185 @@
+// Copyright 2021 Evmos Foundation
+// This file is part of Evmos' Ethermint library.
+//
+// The Ethermint library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The Ethermint library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the Ethermint library. If not, see https://github.com/zeta-chain/ethermint/blob/main/LICENSE
+package ante
+
+import (
+	"fmt"
+	"runtime/debug"
+
+	errorsmod "cosmossdk.io/errors"
+	tmlog "github.com/cometbft/cometbft/libs/log"
+	sdk "github.com/cosmos/cosmos-sdk/types"
+	errortypes "github.com/cosmos/cosmos-sdk/types/errors"
+	authante "github.com/cosmos/cosmos-sdk/x/auth/ante"
+	stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types"
+	// crosschaintypes "github.com/zeta-chain/node/x/crosschain/types"
+	// observertypes "github.com/zeta-chain/node/x/observer/types"
+)
+
+func ValidateHandlerOptions(options HandlerOptions) error {
+	if options.AccountKeeper == nil {
+		return errorsmod.Wrap(errortypes.ErrLogic, "account keeper is required for AnteHandler")
+	}
+	if options.BankKeeper == nil {
+		return errorsmod.Wrap(errortypes.ErrLogic, "bank keeper is required for AnteHandler")
+	}
+	if options.SignModeHandler == nil {
+		return errorsmod.Wrap(errortypes.ErrLogic, "sign mode handler is required for ante builder")
+	}
+	if options.FeeMarketKeeper == nil {
+		return errorsmod.Wrap(errortypes.ErrLogic, "fee market keeper is required for AnteHandler")
+	}
+	if options.EvmKeeper == nil {
+		return errorsmod.Wrap(errortypes.ErrLogic, "evm keeper is required for AnteHandler")
+	}
+	// if options.ObserverKeeper == nil {
+	// 	return errorsmod.Wrap(errortypes.ErrLogic, "observer keeper is required for AnteHandler")
+	// }
+	return nil
+}
+
+// NewAnteHandler returns an ante handler responsible for attempting to route an
+// Ethereum or SDK transaction to an internal ante handler for performing
+// transaction-level processing (e.g. fee payment, signature verification) before
+// being passed onto it's respective handler.
+func NewAnteHandler(options HandlerOptions) (sdk.AnteHandler, error) {
+	if err := ValidateHandlerOptions(options); err != nil {
+		return nil, err
+	}
+
+	return func(
+		ctx sdk.Context, tx sdk.Tx, sim bool,
+	) (newCtx sdk.Context, err error) {
+		var anteHandler sdk.AnteHandler
+
+		defer Recover(ctx.Logger(), &err)
+
+		txWithExtensions, ok := tx.(authante.HasExtensionOptionsTx)
+		if ok {
+			opts := txWithExtensions.GetExtensionOptions()
+			if len(opts) > 0 {
+				switch typeURL := opts[0].GetTypeUrl(); typeURL {
+				case "/ethermint.evm.v1.ExtensionOptionsEthereumTx":
+					// handle as *evmtypes.MsgEthereumTx
+					anteHandler = newEthAnteHandler(options)
+				case "/ethermint.types.v1.ExtensionOptionsWeb3Tx":
+					// Deprecated: Handle as normal Cosmos SDK tx, except signature is checked for Legacy EIP712 representation
+					anteHandler = NewLegacyCosmosAnteHandlerEip712(options)
+				case "/ethermint.types.v1.ExtensionOptionDynamicFeeTx":
+					// cosmos-sdk tx with dynamic fee extension
+					anteHandler = newCosmosAnteHandler(options)
+				default:
+					return ctx, errorsmod.Wrapf(
+						errortypes.ErrUnknownExtensionOptions,
+						"rejecting tx with unsupported extension option: %s", typeURL,
+					)
+				}
+
+				return anteHandler(ctx, tx, sim)
+			}
+		}
+
+		// handle as totally normal Cosmos SDK tx
+		switch tx.(type) {
+		case sdk.Tx:
+			// default: handle as normal Cosmos SDK tx
+			anteHandler = newCosmosAnteHandler(options)
+
+			// if tx is a system tx, and singer is authorized, use system tx handler
+
+			// isAuthorized := func(creator string) bool {
+			// 	return options.ObserverKeeper.IsNonTombstonedObserver(ctx, creator)
+			// }
+			// if IsSystemTx(tx, isAuthorized) {
+			// 	anteHandler = newCosmosAnteHandlerForSystemTx(options)
+			// }
+
+			// if tx is MsgCreatorValidator, use the newCosmosAnteHandlerForSystemTx handler to
+			// exempt gas fee requirement in genesis because it's not possible to pay gas fee in genesis
+			if len(tx.GetMsgs()) == 1 {
+				if _, ok := tx.GetMsgs()[0].(*stakingtypes.MsgCreateValidator); ok && ctx.BlockHeight() == 0 {
+					anteHandler = newCosmosAnteHandlerForSystemTx(options)
+				}
+			}
+
+		default:
+			return ctx, errorsmod.Wrapf(errortypes.ErrUnknownRequest, "invalid transaction type: %T", tx)
+		}
+
+		return anteHandler(ctx, tx, sim)
+	}, nil
+}
+
+func Recover(logger tmlog.Logger, err *error) {
+	if r := recover(); r != nil {
+		if err != nil {
+			// #nosec G703 err is checked non-nil above
+			*err = errorsmod.Wrapf(errortypes.ErrPanic, "%v", r)
+		}
+
+		if e, ok := r.(error); ok {
+			logger.Error(
+				"ante handler panicked",
+				"error", e,
+				"stack trace", string(debug.Stack()),
+			)
+		} else {
+			logger.Error(
+				"ante handler panicked",
+				"recover", fmt.Sprintf("%v", r),
+			)
+		}
+	}
+}
+
+// IsSystemTx determines whether tx is a system tx that's signed by an authorized signer
+// system tx are special types of txs (see in the switch below), or such txs wrapped inside a MsgExec
+// the parameter isAuthorizedSigner is a caller specified function that determines whether the signer of
+// the tx is authorized.
+func IsSystemTx(tx sdk.Tx, isAuthorizedSigner func(string) bool) bool {
+	// the following determines whether the tx is a system tx which will uses different handler
+	// System txs are always single Msg txs, optionally wrapped by one level of MsgExec
+	if len(tx.GetMsgs()) != 1 { // this is not a system tx
+		return false
+	}
+	// msg := tx.GetMsgs()[0]
+
+	// if wrapped inside a MsgExec, unwrap it and reveal the innerMsg.
+	// var innerMsg sdk.Msg
+	// innerMsg = msg
+	// if mm, ok := msg.(*authz.MsgExec); ok { // authz tx; look inside it
+	// 	msgs, err := mm.GetMessages()
+	// 	if err == nil && len(msgs) == 1 {
+	// 		innerMsg = msgs[0]
+	// 	}
+	// }
+	// switch innerMsg.(type) {
+	// case *crosschaintypes.MsgVoteGasPrice,
+	// 	*crosschaintypes.MsgVoteOutbound,
+	// 	*crosschaintypes.MsgVoteInbound,
+	// 	*crosschaintypes.MsgAddOutboundTracker,
+	// 	*crosschaintypes.MsgAddInboundTracker,
+	// 	*observertypes.MsgVoteBlockHeader,
+	// 	*observertypes.MsgVoteTSS,
+	// 	*observertypes.MsgVoteBlame:
+	// 	signers := innerMsg.GetSigners()
+	// 	if len(signers) == 1 {
+	// 		return isAuthorizedSigner(signers[0].String())
+	// 	}
+	// }
+
+	return false
+}

app/ante/authz.go

@@ -0,0 +1,104 @@
+package ante
+
+import (
+	"fmt"
+
+	errorsmod "cosmossdk.io/errors"
+	sdk "github.com/cosmos/cosmos-sdk/types"
+	errortypes "github.com/cosmos/cosmos-sdk/types/errors"
+	"github.com/cosmos/cosmos-sdk/x/authz"
+	"github.com/cosmos/cosmos-sdk/x/group"
+)
+
+// maxNestedMsgs defines a cap for the number of nested messages on a MsgExec message
+const maxNestedMsgs = 15
+
+// AuthzLimiterDecorator blocks certain msg types from being granted or executed
+// within the authorization module.
+type AuthzLimiterDecorator struct {
+	// disabledMsgTypes is the type urls of the msgs to block.
+	disabledMsgTypes []string
+}
+
+// NewAuthzLimiterDecorator creates a decorator to block certain msg types from being granted or executed within authz.
+func NewAuthzLimiterDecorator(disabledMsgTypes ...string) AuthzLimiterDecorator {
+	return AuthzLimiterDecorator{
+		disabledMsgTypes: disabledMsgTypes,
+	}
+}
+
+func (ald AuthzLimiterDecorator) AnteHandle(
+	ctx sdk.Context,
+	tx sdk.Tx,
+	simulate bool,
+	next sdk.AnteHandler,
+) (newCtx sdk.Context, err error) {
+	if err := ald.checkDisabledMsgs(tx.GetMsgs(), false, 1); err != nil {
+		return ctx, errorsmod.Wrap(errortypes.ErrUnauthorized, err.Error())
+	}
+	return next(ctx, tx, simulate)
+}
+
+// checkDisabledMsgs iterates through the msgs and returns an error if it finds any unauthorized msgs.
+//
+// When searchOnlyInAuthzMsgs is enabled, only authz MsgGrant and MsgExec are blocked, if they contain unauthorized msg types.
+// Otherwise any msg matching the disabled types are blocked, regardless of being in an authz msg or not.
+//
+// This method is recursive as MsgExec's can wrap other MsgExecs. The check for nested messages is performed up to the
+// maxNestedMsgs threshold. If there are more than that limit, it returns an error
+func (ald AuthzLimiterDecorator) checkDisabledMsgs(msgs []sdk.Msg, isAuthzInnerMsg bool, nestedLvl int) error {
+	if nestedLvl >= maxNestedMsgs {
+		return fmt.Errorf("found more nested msgs than permited. Limit is : %d", maxNestedMsgs)
+	}
+	for _, msg := range msgs {
+		switch msg := msg.(type) {
+		case *authz.MsgExec:
+			innerMsgs, err := msg.GetMessages()
+			if err != nil {
+				return err
+			}
+			nestedLvl++
+			if err := ald.checkDisabledMsgs(innerMsgs, true, nestedLvl); err != nil {
+				return err
+			}
+		case *group.MsgSubmitProposal:
+			innerMsgs, err := msg.GetMsgs()
+			if err != nil {
+				return err
+			}
+			nestedLvl++
+			if err := ald.checkDisabledMsgs(innerMsgs, true, nestedLvl); err != nil {
+				return err
+			}
+		case *authz.MsgGrant:
+			authorization, err := msg.GetAuthorization()
+			if err != nil {
+				return err
+			}
+
+			url := authorization.MsgTypeURL()
+			if ald.isDisabledMsg(url) {
+				return fmt.Errorf("found disabled msg type: %s", url)
+			}
+
+		default:
+			url := sdk.MsgTypeURL(msg)
+			if isAuthzInnerMsg && ald.isDisabledMsg(url) {
+				return fmt.Errorf("found disabled msg type: %s", url)
+			}
+		}
+	}
+	return nil
+}
+
+// isDisabledMsg returns true if the given message is in the list of restricted
+// messages from the AnteHandler.
+func (ald AuthzLimiterDecorator) isDisabledMsg(msgTypeURL string) bool {
+	for _, disabledType := range ald.disabledMsgTypes {
+		if msgTypeURL == disabledType {
+			return true
+		}
+	}
+
+	return false
+}