V1.6.0 (#220)

Makefile

@@ -6,7 +6,7 @@ DIFF_TAG=$(shell git rev-list --tags="v*" --max-count=1 --not $(shell git rev-li
 DEFAULT_TAG=$(shell git rev-list --tags="v*" --max-count=1)
 # VERSION ?= $(shell echo $(shell git describe --tags $(or $(DIFF_TAG), $(DEFAULT_TAG))) | sed 's/^v//')
 
-VERSION := "1.5.0"
+VERSION := "1.6.0"
 TMVERSION := $(shell go list -m github.com/tendermint/tendermint | sed 's:.* ::')
 COMMIT := $(shell git log -1 --format='%H')
 LEDGER_ENABLED ?= true

app/ante/ante.go

@@ -5,7 +5,6 @@ import (
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	errortypes "github.com/cosmos/cosmos-sdk/types/errors"
 	authante "github.com/cosmos/cosmos-sdk/x/auth/ante"
-	ethante "github.com/evmos/ethermint/app/ante"
 )
 
 // NewAnteHandler returns an ante handler responsible for attempting to route an
@@ -18,19 +17,20 @@ func NewAnteHandler(options HandlerOptions) sdk.AnteHandler {
 	) (newCtx sdk.Context, err error) {
 		var anteHandler sdk.AnteHandler
 
-		defer ethante.Recover(ctx.Logger(), &err)
-
 		txWithExtensions, ok := tx.(authante.HasExtensionOptionsTx)
 		if ok {
 			opts := txWithExtensions.GetExtensionOptions()
 			if len(opts) > 0 {
 				switch typeURL := opts[0].GetTypeUrl(); typeURL {
 				case "/ethermint.evm.v1.ExtensionOptionsEthereumTx":
 					// handle as *evmtypes.MsgEthereumTx
-					anteHandler = newEthAnteHandler(options)
+					anteHandler = newEVMAnteHandler(options)
 				case "/ethermint.types.v1.ExtensionOptionsWeb3Tx":
 					// handle as normal Cosmos SDK tx, except signature is checked for EIP712 representation
-					anteHandler = newLegacyCosmosAnteHandlerEip712(options) // nolint: staticcheck
+					anteHandler = newLegacyCosmosAnteHandlerEip712(options)
+				case "/ethermint.types.v1.ExtensionOptionDynamicFeeTx":
+					// cosmos-sdk tx with dynamic fee extension
+					anteHandler = newCosmosAnteHandler(options)
 				default:
 					return ctx, errorsmod.Wrapf(
 						errortypes.ErrUnknownExtensionOptions,

app/ante/cosmos/authz.go

@@ -0,0 +1,88 @@
+package cosmos
+
+import (
+	"fmt"
+
+	errorsmod "cosmossdk.io/errors"
+	sdk "github.com/cosmos/cosmos-sdk/types"
+	errortypes "github.com/cosmos/cosmos-sdk/types/errors"
+	"github.com/cosmos/cosmos-sdk/x/authz"
+)
+
+// maxNestedMsgs defines a cap for the number of nested messages on a MsgExec message
+const maxNestedMsgs = 7
+
+// AuthzLimiterDecorator blocks certain msg types from being granted or executed
+// within the authorization module.
+type AuthzLimiterDecorator struct {
+	// disabledMsgTypes is the type urls of the msgs to block.
+	disabledMsgTypes []string
+}
+
+// NewAuthzLimiterDecorator creates a decorator to block certain msg types from being granted or executed within authz.
+func NewAuthzLimiterDecorator(disabledMsgTypes ...string) AuthzLimiterDecorator {
+	return AuthzLimiterDecorator{
+		disabledMsgTypes: disabledMsgTypes,
+	}
+}
+
+func (ald AuthzLimiterDecorator) AnteHandle(ctx sdk.Context, tx sdk.Tx, simulate bool, next sdk.AnteHandler) (newCtx sdk.Context, err error) {
+	if err := ald.checkDisabledMsgs(tx.GetMsgs(), false, 1); err != nil {
+		return ctx, errorsmod.Wrapf(errortypes.ErrUnauthorized, err.Error())
+	}
+	return next(ctx, tx, simulate)
+}
+
+// checkDisabledMsgs iterates through the msgs and returns an error if it finds any unauthorized msgs.
+//
+// When searchOnlyInAuthzMsgs is enabled, only authz MsgGrant and MsgExec are blocked, if they contain unauthorized msg types.
+// Otherwise any msg matching the disabled types are blocked, regardless of being in an authz msg or not.
+//
+// This method is recursive as MsgExec's can wrap other MsgExecs. The check for nested messages is performed up to the
+// maxNestedMsgs threshold. If there are more than that limit, it returns an error
+func (ald AuthzLimiterDecorator) checkDisabledMsgs(msgs []sdk.Msg, isAuthzInnerMsg bool, nestedLvl int) error {
+	if nestedLvl >= maxNestedMsgs {
+		return fmt.Errorf("found more nested msgs than permited. Limit is : %d", maxNestedMsgs)
+	}
+	for _, msg := range msgs {
+		switch msg := msg.(type) {
+		case *authz.MsgExec:
+			innerMsgs, err := msg.GetMessages()
+			if err != nil {
+				return err
+			}
+			nestedLvl++
+			if err := ald.checkDisabledMsgs(innerMsgs, true, nestedLvl); err != nil {
+				return err
+			}
+		case *authz.MsgGrant:
+			authorization, err := msg.GetAuthorization()
+			if err != nil {
+				return err
+			}
+
+			url := authorization.MsgTypeURL()
+			if ald.isDisabledMsg(url) {
+				return fmt.Errorf("found disabled msg type: %s", url)
+			}
+		default:
+			url := sdk.MsgTypeURL(msg)
+			if isAuthzInnerMsg && ald.isDisabledMsg(url) {
+				return fmt.Errorf("found disabled msg type: %s", url)
+			}
+		}
+	}
+	return nil
+}
+
+// isDisabledMsg returns true if the given message is in the list of restricted
+// messages from the AnteHandler.
+func (ald AuthzLimiterDecorator) isDisabledMsg(msgTypeURL string) bool {
+	for _, disabledType := range ald.disabledMsgTypes {
+		if msgTypeURL == disabledType {
+			return true
+		}
+	}
+
+	return false
+}