From dbd45b2b30eedf87b17dede3d21926ee00d4b24d Mon Sep 17 00:00:00 2001 From: Chenyao Yu <4844716+chenyaoy@users.noreply.github.com> Date: Thu, 3 Oct 2024 16:20:53 -0400 Subject: [PATCH] [TRA-671] Prevent connect messages in x/authz (#2434) --- protocol/lib/ante/nested_msg.go | 9 +++++++ protocol/lib/ante/nested_msg_test.go | 35 +++++++++++++++++++++++++++ protocol/testutil/msgs/nested_msgs.go | 10 ++++++++ 3 files changed, 54 insertions(+) diff --git a/protocol/lib/ante/nested_msg.go b/protocol/lib/ante/nested_msg.go index db2a09ec77..cf3cd6433f 100644 --- a/protocol/lib/ante/nested_msg.go +++ b/protocol/lib/ante/nested_msg.go @@ -12,6 +12,7 @@ import ( ) const DYDX_MSG_PREFIX = "/" + constants.AppName +const CONNECT_MSG_PREFIX = "/connect" // IsNestedMsg returns true if the given msg is a nested msg. func IsNestedMsg(msg sdk.Msg) bool { @@ -32,6 +33,11 @@ func IsDydxMsg(msg sdk.Msg) bool { return strings.HasPrefix(sdk.MsgTypeURL(msg), DYDX_MSG_PREFIX) } +// IsConnectMsg returns true if the given msg is a Connect custom msg. +func IsConnectMsg(msg sdk.Msg) bool { + return strings.HasPrefix(sdk.MsgTypeURL(msg), CONNECT_MSG_PREFIX) +} + // ValidateNestedMsg returns err if the given msg is an invalid nested msg. func ValidateNestedMsg(msg sdk.Msg) error { if !IsNestedMsg(msg) { @@ -80,6 +86,9 @@ func validateInnerMsg(msg sdk.Msg) error { if IsDydxMsg(inner) { return fmt.Errorf("Invalid nested msg for MsgExec: dydx msg type") } + if IsConnectMsg(inner) { + return fmt.Errorf("Invalid nested msg for MsgExec: Connect msg type") + } } // For "internal msgs", we allow them, because they are designed to be nested. diff --git a/protocol/lib/ante/nested_msg_test.go b/protocol/lib/ante/nested_msg_test.go index 94ffe95c58..0a98a94b84 100644 --- a/protocol/lib/ante/nested_msg_test.go +++ b/protocol/lib/ante/nested_msg_test.go @@ -22,6 +22,7 @@ var ( invalidInnerMsgErr_AppInjected = fmt.Errorf("Invalid nested msg: app-injected msg type") invalidInnerMsgErr_Nested = fmt.Errorf("Invalid nested msg: double-nested msg type") invalidInnerMsgErr_Dydx = fmt.Errorf("Invalid nested msg for MsgExec: dydx msg type") + invalidInnerMsgErr_Connect = fmt.Errorf("Invalid nested msg for MsgExec: Connect msg type") ) func TestIsNestedMsg_Empty(t *testing.T) { @@ -106,6 +107,36 @@ func TestIsDydxMsg_Valid(t *testing.T) { } } +func TestIsConnectMsg_Invalid(t *testing.T) { + allConnectMsgs := lib.MergeAllMapsMustHaveDistinctKeys( + appmsgs.NormalMsgsConnect, + ) + allMsgsMinusConnect := lib.MergeAllMapsMustHaveDistinctKeys(appmsgs.AllowMsgs, appmsgs.DisallowMsgs) + for key := range allConnectMsgs { + delete(allMsgsMinusConnect, key) + } + allNonNilSampleMsgs := testmsgs.GetNonNilSampleMsgs(allMsgsMinusConnect) + + for _, sampleMsg := range allNonNilSampleMsgs { + t.Run(sampleMsg.Name, func(t *testing.T) { + require.False(t, ante.IsConnectMsg(sampleMsg.Msg)) + }) + } +} + +func TestIsConnectMsg_Valid(t *testing.T) { + allConnectMsgs := lib.MergeAllMapsMustHaveDistinctKeys( + appmsgs.NormalMsgsConnect, + ) + allNonNilSampleMsgs := testmsgs.GetNonNilSampleMsgs(allConnectMsgs) + + for _, sampleMsg := range allNonNilSampleMsgs { + t.Run(sampleMsg.Name, func(t *testing.T) { + require.True(t, ante.IsConnectMsg(sampleMsg.Msg)) + }) + } +} + func TestValidateNestedMsg(t *testing.T) { tests := map[string]struct { msg sdk.Msg @@ -143,6 +174,10 @@ func TestValidateNestedMsg(t *testing.T) { msg: &testmsgs.MsgExecWithDydxMessage, expectedErr: invalidInnerMsgErr_Dydx, }, + "Invalid MsgExec: Connect custom msg": { + msg: &testmsgs.MsgExecWithConnectMessage, + expectedErr: invalidInnerMsgErr_Connect, + }, "Valid: empty inner msg": { msg: testmsgs.MsgSubmitProposalWithEmptyInner, expectedErr: nil, diff --git a/protocol/testutil/msgs/nested_msgs.go b/protocol/testutil/msgs/nested_msgs.go index 7b4b91625f..207903bd27 100644 --- a/protocol/testutil/msgs/nested_msgs.go +++ b/protocol/testutil/msgs/nested_msgs.go @@ -10,6 +10,7 @@ import ( "github.com/dydxprotocol/v4-chain/protocol/testutil/encoding" prices "github.com/dydxprotocol/v4-chain/protocol/x/prices/types" sending "github.com/dydxprotocol/v4-chain/protocol/x/sending/types" + marketmap "github.com/skip-mev/connect/v2/x/marketmap/types" ) func init() { @@ -46,6 +47,9 @@ func init() { _ = testTxBuilder.SetMsgs(&MsgExecWithDydxMessage) MsgExecWithDydxMessageTxBytes, _ = testEncodingCfg.TxConfig.TxEncoder()(testTxBuilder.GetTx()) + _ = testTxBuilder.SetMsgs(&MsgExecWithConnectMessage) + MsgExecWithConnectMessageTxBytes, _ = testEncodingCfg.TxConfig.TxEncoder()(testTxBuilder.GetTx()) + _ = testTxBuilder.SetMsgs(MsgSubmitProposalWithUpgrade) MsgSubmitProposalWithUpgradeTxBytes, _ = testEncodingCfg.TxConfig.TxEncoder()(testTxBuilder.GetTx()) @@ -120,6 +124,12 @@ var ( ) MsgExecWithDydxMessageTxBytes []byte + MsgExecWithConnectMessage = authz.NewMsgExec( + constants.AliceAccAddress, + []sdk.Msg{&marketmap.MsgUpsertMarkets{}}, + ) + MsgExecWithConnectMessageTxBytes []byte + // Valid MsgSubmitProposals MsgSubmitProposalWithUpgrade, _ = gov.NewMsgSubmitProposal( []sdk.Msg{MsgSoftwareUpgrade}, nil, testProposer, testMetadata, testTitle, testSummary, false)