diff --git a/x/distribution/keeper/keeper.go b/x/distribution/keeper/keeper.go index f7b68fd59cc5..1b21dbb163b3 100644 --- a/x/distribution/keeper/keeper.go +++ b/x/distribution/keeper/keeper.go @@ -231,6 +231,11 @@ func (k Keeper) WithdrawSingleShareRecordReward(ctx context.Context, recordID ui } owner := sdk.AccAddress(ownerAddr) + // This check is necessary to prevent sending rewards to a blacklisted address + if k.bankKeeper.BlockedAddr(owner) { + return errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "%s is not allowed to receive funds", owner.String()) + } + valAddr, err := k.stakingKeeper.ValidatorAddressCodec().StringToBytes(record.Validator) if err != nil { return err @@ -293,6 +298,11 @@ func (k Keeper) WithdrawTokenizeShareRecordReward(ctx sdk.Context, ownerAddr sdk return nil, err } + // This check is necessary to prevent sending rewards to a blacklisted address + if k.bankKeeper.BlockedAddr(ownerAddr) { + return nil, errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "%s is not allowed to receive funds", ownerAddr) + } + if record.Owner != ownerAddr.String() { return nil, types.ErrNotTokenizeShareRecordOwner } @@ -340,6 +350,11 @@ func (k Keeper) WithdrawTokenizeShareRecordReward(ctx sdk.Context, ownerAddr sdk // withdraw reward for all owning TokenizeShareRecord func (k Keeper) WithdrawAllTokenizeShareRecordReward(ctx sdk.Context, ownerAddr sdk.AccAddress) (sdk.Coins, error) { + // This check is necessary to prevent sending rewards to a blacklisted address + if k.bankKeeper.BlockedAddr(ownerAddr) { + return nil, errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "%s is not allowed to receive external funds", ownerAddr) + } + totalRewards := sdk.Coins{} records := k.stakingKeeper.GetTokenizeShareRecordsByOwner(ctx, ownerAddr) diff --git a/x/distribution/keeper/msg_server.go b/x/distribution/keeper/msg_server.go index 7004316e565e..a48be11e6330 100644 --- a/x/distribution/keeper/msg_server.go +++ b/x/distribution/keeper/msg_server.go @@ -243,6 +243,7 @@ func (k msgServer) WithdrawTokenizeShareRecordReward(goCtx context.Context, msg if err != nil { return nil, err } + amount, err := k.Keeper.WithdrawTokenizeShareRecordReward(ctx, ownerAddr, msg.RecordId) if err != nil { return nil, err @@ -271,6 +272,7 @@ func (k msgServer) WithdrawAllTokenizeShareRecordReward(goCtx context.Context, m if err != nil { return nil, err } + amount, err := k.Keeper.WithdrawAllTokenizeShareRecordReward(ctx, ownerAddr) if err != nil { return nil, err