dydxprotocol · jayy04 · Jan 25, 2024 · Jan 11, 2024 · Jan 12, 2024 · Jan 12, 2024
@@ -53,6 +53,9 @@ import (
 	authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper"
 	authtx "github.com/cosmos/cosmos-sdk/x/auth/tx"
 	authtypes "github.com/cosmos/cosmos-sdk/x/auth/types"
+	authz "github.com/cosmos/cosmos-sdk/x/authz"
+	authzkeeper "github.com/cosmos/cosmos-sdk/x/authz/keeper"
+	authzmodule "github.com/cosmos/cosmos-sdk/x/authz/module"
 	"github.com/cosmos/cosmos-sdk/x/bank"
 	bankkeeper "github.com/cosmos/cosmos-sdk/x/bank/keeper"
 	banktypes "github.com/cosmos/cosmos-sdk/x/bank/types"
@@ -234,6 +237,7 @@ type App struct {
 
 	// keepers
 	AccountKeeper    authkeeper.AccountKeeper
+	AuthzKeeper      authzkeeper.Keeper
 	BankKeeper       bankkeeper.Keeper
 	CapabilityKeeper *capabilitykeeper.Keeper
 	StakingKeeper    *stakingkeeper.Keeper
@@ -347,10 +351,20 @@ func New(
 	bApp.SetTxEncoder(txConfig.TxEncoder())
 
 	keys := storetypes.NewKVStoreKeys(
-		authtypes.StoreKey, banktypes.StoreKey, stakingtypes.StoreKey, crisistypes.StoreKey,
-		distrtypes.StoreKey, slashingtypes.StoreKey,
-		govtypes.StoreKey, paramstypes.StoreKey, consensusparamtypes.StoreKey, upgradetypes.StoreKey, feegrant.StoreKey,
-		ibcexported.StoreKey, ibctransfertypes.StoreKey,
+		authtypes.StoreKey,
+		authzkeeper.StoreKey,
+		banktypes.StoreKey,
+		stakingtypes.StoreKey,
+		crisistypes.StoreKey,
+		distrtypes.StoreKey,
+		slashingtypes.StoreKey,
+		govtypes.StoreKey,
+		paramstypes.StoreKey,
+		consensusparamtypes.StoreKey,
+		upgradetypes.StoreKey,
+		feegrant.StoreKey,
+		ibcexported.StoreKey,
+		ibctransfertypes.StoreKey,
 		ratelimitmoduletypes.StoreKey,
 		icacontrollertypes.StoreKey,
 		icahosttypes.StoreKey,
@@ -430,6 +444,14 @@ func New(
 		sdk.GetConfig().GetBech32AccountAddrPrefix(),
 		lib.GovModuleAddress.String(),
 	)
+
+	app.AuthzKeeper = authzkeeper.NewKeeper(
+		runtime.NewKVStoreService(keys[authzkeeper.StoreKey]),
+		appCodec,
+		app.MsgServiceRouter(),
+		app.AccountKeeper,
+	)
+
 	app.BankKeeper = bankkeeper.NewBaseKeeper(
 		appCodec,
 		runtime.NewKVStoreService(keys[banktypes.StoreKey]),
@@ -990,6 +1012,7 @@ func New(
 		),
 		auth.NewAppModule(appCodec, app.AccountKeeper, nil, app.getSubspace(authtypes.ModuleName)),
 		bank.NewAppModule(appCodec, app.BankKeeper, app.AccountKeeper, app.getSubspace(banktypes.ModuleName)),
+		authzmodule.NewAppModule(appCodec, app.AuthzKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry),
 		capability.NewAppModule(appCodec, *app.CapabilityKeeper, false),
 		feegrantmodule.NewAppModule(appCodec, app.AccountKeeper, app.BankKeeper, app.FeeGrantKeeper, app.interfaceRegistry),
 		crisis.NewAppModule(app.CrisisKeeper, skipGenesisInvariants, app.getSubspace(crisistypes.ModuleName)),
@@ -1051,6 +1074,7 @@ func New(
 	// NOTE: staking module is required if HistoricalEntries param > 0
 	app.ModuleManager.SetOrderBeginBlockers(
 		blocktimemoduletypes.ModuleName, // Must be first
+		authz.ModuleName,                // Delete expired grants.
 		epochsmoduletypes.ModuleName,
 		capabilitytypes.ModuleName,
 		distrtypes.ModuleName,
@@ -1119,6 +1143,7 @@ func New(
 		rewardsmoduletypes.ModuleName,
 		epochsmoduletypes.ModuleName,
 		delaymsgmoduletypes.ModuleName,
+		authz.ModuleName,                // No-op.
 		blocktimemoduletypes.ModuleName, // Must be last
 	)
 
@@ -1160,6 +1185,7 @@ func New(
 		rewardsmoduletypes.ModuleName,
 		sendingmoduletypes.ModuleName,
 		delaymsgmoduletypes.ModuleName,
+		authz.ModuleName,
 	)
 
 	// NOTE: by default, set migration order here to be the same as init genesis order,
@@ -1197,6 +1223,7 @@ func New(
 		rewardsmoduletypes.ModuleName,
 		sendingmoduletypes.ModuleName,
 		delaymsgmoduletypes.ModuleName,
+		authz.ModuleName,
 
 		// Auth must be migrated after staking.
 		authtypes.ModuleName,

@@ -12,6 +12,7 @@ import (
 	tmproto "github.com/cometbft/cometbft/proto/tendermint/types"
 	"github.com/cosmos/cosmos-sdk/types/module"
 	"github.com/cosmos/cosmos-sdk/x/auth"
+	authzmodule "github.com/cosmos/cosmos-sdk/x/authz/module"
 	"github.com/cosmos/cosmos-sdk/x/bank"
 	"github.com/cosmos/cosmos-sdk/x/consensus"
 	"github.com/cosmos/cosmos-sdk/x/crisis"
@@ -198,6 +199,7 @@ func TestModuleBasics(t *testing.T) {
 		upgrade.AppModuleBasic{},
 		transfer.AppModuleBasic{},
 		consensus.AppModuleBasic{},
+		authzmodule.AppModuleBasic{},
 
 		// Custom modules
 		pricesmodule.AppModuleBasic{},

@@ -6,6 +6,7 @@ import (
 	"cosmossdk.io/x/upgrade"
 	"github.com/cosmos/cosmos-sdk/types/module"
 	"github.com/cosmos/cosmos-sdk/x/auth"
+	authzmodule "github.com/cosmos/cosmos-sdk/x/authz/module"
 	"github.com/cosmos/cosmos-sdk/x/bank"
 	"github.com/cosmos/cosmos-sdk/x/consensus"
 	"github.com/cosmos/cosmos-sdk/x/crisis"
@@ -69,6 +70,7 @@ var (
 		evidence.AppModuleBasic{},
 		transfer.AppModuleBasic{},
 		consensus.AppModuleBasic{},
+		authzmodule.AppModuleBasic{},
 
 		// Custom modules
 		pricesmodule.AppModuleBasic{},

@@ -14,6 +14,15 @@ var (
 		"/cosmos.auth.v1beta1.ModuleCredential": {},
 		"/cosmos.auth.v1beta1.MsgUpdateParams":  {},
 
+		// authz
+		"/cosmos.authz.v1beta1.GenericAuthorization": {},
+		"/cosmos.authz.v1beta1.MsgExec":              {},
+		"/cosmos.authz.v1beta1.MsgExecResponse":      {},
+		"/cosmos.authz.v1beta1.MsgGrant":             {},
+		"/cosmos.authz.v1beta1.MsgGrantResponse":     {},
+		"/cosmos.authz.v1beta1.MsgRevoke":            {},
+		"/cosmos.authz.v1beta1.MsgRevokeResponse":    {},
+
 		// bank
 		"/cosmos.bank.v1beta1.MsgMultiSend":              {},
 		"/cosmos.bank.v1beta1.MsgMultiSendResponse":      {},

@@ -2,12 +2,17 @@ package msgs
 
 import (
 	sdk "github.com/cosmos/cosmos-sdk/types"
+	"github.com/cosmos/cosmos-sdk/x/authz"
 	gov "github.com/cosmos/cosmos-sdk/x/gov/types/v1"
 )
 
 var (
 	// NestedMsgSamples are msgs that have can include other arbitrary messages inside.
 	NestedMsgSamples = map[string]sdk.Msg{
+		// authz
+		"/cosmos.authz.v1beta1.MsgExec":         &authz.MsgExec{},
+		"/cosmos.authz.v1beta1.MsgExecResponse": nil,
+
 		// gov
 		"/cosmos.gov.v1.MsgSubmitProposal":         &gov.MsgSubmitProposal{},
 		"/cosmos.gov.v1.MsgSubmitProposalResponse": nil,

@@ -11,6 +11,10 @@ import (
 
 func TestNestedMsgs_Key(t *testing.T) {
 	expectedMsgs := []string{
+		// authz
+		"/cosmos.authz.v1beta1.MsgExec",
+		"/cosmos.authz.v1beta1.MsgExecResponse",
+
 		// gov
 		"/cosmos.gov.v1.MsgSubmitProposal",
 		"/cosmos.gov.v1.MsgSubmitProposalResponse",

@@ -4,6 +4,7 @@ import (
 	evidence "cosmossdk.io/x/evidence/types"
 	feegrant "cosmossdk.io/x/feegrant"
 	sdk "github.com/cosmos/cosmos-sdk/types"
+	"github.com/cosmos/cosmos-sdk/x/authz"
 	bank "github.com/cosmos/cosmos-sdk/x/bank/types"
 	crisis "github.com/cosmos/cosmos-sdk/x/crisis/types"
 	distr "github.com/cosmos/cosmos-sdk/x/distribution/types"
@@ -27,6 +28,13 @@ var (
 		"/cosmos.auth.v1beta1.ModuleAccount":    nil,
 		"/cosmos.auth.v1beta1.ModuleCredential": nil,
 
+		// authz
+		"/cosmos.authz.v1beta1.GenericAuthorization": nil,
+		"/cosmos.authz.v1beta1.MsgGrant":             &authz.MsgGrant{},
+		"/cosmos.authz.v1beta1.MsgGrantResponse":     nil,
+		"/cosmos.authz.v1beta1.MsgRevoke":            &authz.MsgRevoke{},
+		"/cosmos.authz.v1beta1.MsgRevokeResponse":    nil,
+
 		// bank
 		"/cosmos.bank.v1beta1.MsgMultiSend":         &bank.MsgMultiSend{},
 		"/cosmos.bank.v1beta1.MsgMultiSendResponse": nil,

@@ -16,6 +16,13 @@ func TestNormalMsgs_Key(t *testing.T) {
 		"/cosmos.auth.v1beta1.ModuleAccount",
 		"/cosmos.auth.v1beta1.ModuleCredential",
 
+		// authz
+		"/cosmos.authz.v1beta1.GenericAuthorization",
+		"/cosmos.authz.v1beta1.MsgGrant",
+		"/cosmos.authz.v1beta1.MsgGrantResponse",
+		"/cosmos.authz.v1beta1.MsgRevoke",
+		"/cosmos.authz.v1beta1.MsgRevokeResponse",
+
 		// bank
 		"/cosmos.bank.v1beta1.MsgMultiSend",
 		"/cosmos.bank.v1beta1.MsgMultiSendResponse",

@@ -4,10 +4,8 @@ var (
 	// UnregisteredMsgs are msgs that should not be registered with the app.
 	UnregisteredMsgs = map[string]struct{}{
 		// authz
-		"/cosmos.authz.v1.MsgExec":              {},
-		"/cosmos.authz.v1.MsgExecResponse":      {},
-		"/cosmos.authz.v1beta1.MsgExec":         {},
-		"/cosmos.authz.v1beta1.MsgExecResponse": {},
+		"/cosmos.authz.v1.MsgExec":         {},
+		"/cosmos.authz.v1.MsgExecResponse": {},
 
 		// group
 		"/cosmos.group.v1.MsgSubmitProposal":              {},

@@ -14,8 +14,6 @@ func TestUnregisteredMsgs_Key(t *testing.T) {
 		// authz
 		"/cosmos.authz.v1.MsgExec",
 		"/cosmos.authz.v1.MsgExecResponse",
-		"/cosmos.authz.v1beta1.MsgExec",
-		"/cosmos.authz.v1beta1.MsgExecResponse",
 
 		// group
 		"/cosmos.group.v1.MsgSubmitProposal",

@@ -34,6 +34,7 @@ import (
 	authsims "github.com/cosmos/cosmos-sdk/x/auth/simulation"
 	authtypes "github.com/cosmos/cosmos-sdk/x/auth/types"
 	vestingtypes "github.com/cosmos/cosmos-sdk/x/auth/vesting/types"
+	authz "github.com/cosmos/cosmos-sdk/x/authz"
 	banktypes "github.com/cosmos/cosmos-sdk/x/bank/types"
 	distributiontypes "github.com/cosmos/cosmos-sdk/x/distribution/types"
 	govtypes "github.com/cosmos/cosmos-sdk/x/gov/types"
@@ -107,6 +108,7 @@ func (app *SimApp) SimulationManager() *module.SimulationManager {
 var genesisModuleOrder = []string{
 	authtypes.ModuleName,
 	banktypes.ModuleName,
+	authz.ModuleName,
 	capabilitytypes.ModuleName,
 	feegranttypes.ModuleName,
 	govtypes.ModuleName,

@@ -22,6 +22,9 @@
     },
     "accounts": []
   },
+  "authz": {
+    "authorization": []
+  },
   "bank": {
     "params": {
       "send_enabled": [],

@@ -3,6 +3,7 @@ package v_4_0_0
 import (
 	store "cosmossdk.io/store/types"
 	circuittypes "cosmossdk.io/x/circuit/types"
+	authzkeeper "github.com/cosmos/cosmos-sdk/x/authz/keeper"
 	icacontrollertypes "github.com/cosmos/ibc-go/v8/modules/apps/27-interchain-accounts/controller/types"
 	"github.com/dydxprotocol/v4-chain/protocol/app/upgrades"
 )
@@ -21,6 +22,9 @@ var Upgrade = upgrades.Upgrade{
 
 			// Add new ICA stores that are needed by ICA host types as of v8.
 			icacontrollertypes.StoreKey,
+
+			// Add authz module to allow granting arbitrary privileges from one account to another acocunt.
+			authzkeeper.StoreKey,
 		},
 	},
 }
@@ -2,73 +2,99 @@ package ante
 
 import (
 	"fmt"
+	"strings"
 
 	sdk "github.com/cosmos/cosmos-sdk/types"
+	authz "github.com/cosmos/cosmos-sdk/x/authz"
 	gov "github.com/cosmos/cosmos-sdk/x/gov/types/v1"
+	"github.com/dydxprotocol/v4-chain/protocol/lib/metrics"
 )
 
+const DYDX_MSG_PREFIX = "/dydxprotocol"
+
 // IsNestedMsg returns true if the given msg is a nested msg.
 func IsNestedMsg(msg sdk.Msg) bool {
 	switch msg.(type) {
 	case
 		// ------- CosmosSDK default modules
+		// authz
+		*authz.MsgExec,
 		// gov
 		*gov.MsgSubmitProposal:
 		return true
 	}
 	return false
 }
 
+// IsDydxMsg returns true if the given msg is a dYdX custom msg.
+func IsDydxMsg(msg sdk.Msg) bool {
+	return strings.HasPrefix(sdk.MsgTypeURL(msg), DYDX_MSG_PREFIX)
+}
+
 // ValidateNestedMsg returns err if the given msg is an invalid nested msg.
 func ValidateNestedMsg(msg sdk.Msg) error {
 	if !IsNestedMsg(msg) {
 		return fmt.Errorf("not a nested msg")
 	}
 
-	// Get inner msgs.
-	innerMsgs, err := getInnerMsgs(msg)
-	if err != nil {
-		return err
-	}
-
 	// Check that the inner msgs are valid.
-	if err := validateInnerMsg(innerMsgs); err != nil {
+	if err := validateInnerMsg(msg); err != nil {
 		return err
 	}
 
 	return nil // is valid nested msg.
 }
 
-// getInnerMsgs returns the inner msgs of the given msg.
-func getInnerMsgs(msg sdk.Msg) ([]sdk.Msg, error) {
-	switch msg := msg.(type) {
-	case
-		*gov.MsgSubmitProposal:
-		return msg.GetMsgs()
-	default:
-		return nil, fmt.Errorf("unsupported msg type: %T", msg)
+// validateInnerMsg returns err if the given inner msgs contain an invalid msg.
+func validateInnerMsg(msg sdk.Msg) error {
+	// Get inner msgs.
+	innerMsgs, err := getInnerMsgs(msg)
+	if err != nil {
+		return err
 	}
-}
 
-// validateInnerMsg returns err if the given inner msgs contain an invalid msg.
-func validateInnerMsg(innerMsgs []sdk.Msg) error {
-	for _, msg := range innerMsgs {
+	for _, inner := range innerMsgs {
 		// 1. unsupported msgs.
-		if IsUnsupportedMsg(msg) {
+		if IsUnsupportedMsg(inner) {
 			return fmt.Errorf("Invalid nested msg: unsupported msg type")
 		}
 
 		// 2. app-injected msgs.
-		if IsAppInjectedMsg(msg) {
+		if IsAppInjectedMsg(inner) {
 			return fmt.Errorf("Invalid nested msg: app-injected msg type")
 		}
 
 		// 3. double-nested msgs.
-		if IsNestedMsg(msg) {
+		if IsNestedMsg(inner) {
 			return fmt.Errorf("Invalid nested msg: double-nested msg type")
 		}
 
+		// 4.Reject nested dydxprotocol messages in `MsgExec`.
+		if _, ok := msg.(*authz.MsgExec); ok {
+			metrics.IncrCountMetricWithLabels(
+				metrics.Ante,
+				metrics.MsgExec,
+				metrics.GetLabelForStringValue(metrics.InnerMsg, sdk.MsgTypeURL(inner)),
+			)
+			if IsDydxMsg(inner) {
+				return fmt.Errorf("Invalid nested msg for MsgExec: dydx msg type")
+			}
+		}
+
 		// For "internal msgs", we allow them, because they are designed to be nested.
 	}
 	return nil
 }
+
+// getInnerMsgs returns the inner msgs of the given msg.
+func getInnerMsgs(msg sdk.Msg) ([]sdk.Msg, error) {
+	switch msg := msg.(type) {
+	case
+		*gov.MsgSubmitProposal:
+		return msg.GetMsgs()
+	case *authz.MsgExec:
+		return msg.GetMessages()
+	default:
+		return nil, fmt.Errorf("unsupported msg type: %T", msg)
+	}
+}