Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(x/asset): Add clawback and transfer auth priviledges #176

Open
wants to merge 9 commits into
base: example-priv
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from 5 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions app/app.go
Original file line number Diff line number Diff line change
Expand Up @@ -415,6 +415,8 @@ func New(
app.AccountKeeper,
)

app.BankKeeper.AppendSendRestriction(app.AssetKeeper.AssetSendRestriction)

// IBC Keeper
app.IBCKeeper = ibckeeper.NewKeeper(
appCodec, keys[ibchost.StoreKey], app.GetSubspace(ibchost.ModuleName), app.StakingKeeper, app.UpgradeKeeper, scopedIBCKeeper,
Expand Down
11 changes: 11 additions & 0 deletions proto/realionetwork/asset/priviledges/clawback/messages.proto
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
syntax = "proto3";
package realionetwork.asset.v1;

option go_package = "github.com/realiotech/realio-network/x/asset/priviledges/clawback";

import "cosmos_proto/cosmos.proto";

message MsgClawbackToken {
string account = 1 [ (cosmos_proto.scalar) = "cosmos.AddressString" ];
uint64 amount = 2;
}
11 changes: 11 additions & 0 deletions proto/realionetwork/asset/priviledges/freeze/messages.proto
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
syntax = "proto3";
package realionetwork.asset.v1;

option go_package = "github.com/realiotech/realio-network/x/asset/priviledges/freeze";

import "cosmos_proto/cosmos.proto";

message MsgFreezeToken {
string account = 1 [ (cosmos_proto.scalar) = "cosmos.AddressString" ];
uint64 amount = 2;
}
6 changes: 2 additions & 4 deletions proto/realionetwork/asset/priviledges/mint/messages.proto
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,6 @@ import "realionetwork/asset/v1/token.proto";


message MsgMintToken {
string account = 1 [ (cosmos_proto.scalar) = "cosmos.AddressString" ];
string token_id = 2;
string to_account = 3;
uint64 amount = 4;
string to_account = 1;
uint64 amount = 2;
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
syntax = "proto3";
package realionetwork.asset.v1;

option go_package = "github.com/realiotech/realio-network/x/asset/priviledges/transfer_auth";

import "cosmos_proto/cosmos.proto";

message MsgUpdateAllowList {
repeated string allowed_addresses = 1 [ (cosmos_proto.scalar) = "cosmos.AddressString" ];
repeated string disallowed_addresses = 2 [ (cosmos_proto.scalar) = "cosmos.AddressString"];
}
22 changes: 22 additions & 0 deletions proto/realionetwork/asset/priviledges/transfer_auth/query.proto
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
syntax = "proto3";
package realionetwork.asset.v1;

option go_package = "github.com/realiotech/realio-network/x/asset/priviledges/transfer_auth";

import "cosmos_proto/cosmos.proto";

message QueryWhitelistedAddressesRequest {
string token_id = 1;
}

message QueryWhitelistedAddressesResponse {
repeated string whitelisted_addrs = 1;
}

message QueryIsAddressWhitelistedRequest {
string address = 1 [ (cosmos_proto.scalar) = "cosmos.AddressString" ];
}

message QueryIsAddressWhitelistedRespones {
bool is_whitelisted = 1;
}
1 change: 1 addition & 0 deletions proto/realionetwork/asset/v1/token.proto
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ message TokenManagement {
string manager = 1 [ (cosmos_proto.scalar) = "cosmos.AddressString" ];
bool add_new_privilege = 2;
repeated string excluded_privileges = 3;
repeated string enabled_privileges = 4;
}

message Balance {
Expand Down
1 change: 1 addition & 0 deletions proto/realionetwork/asset/v1/tx.proto
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ message MsgCreateToken {
string description = 6;
repeated string excluded_privileges = 7;
bool add_new_privilege = 8;
repeated string enabled_privileges = 9;
}

message MsgCreateTokenResponse {}
Expand Down
21 changes: 14 additions & 7 deletions x/asset/keeper/keeper.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,13 +18,14 @@ type (
Keeper struct {
cdc codec.BinaryCodec
// registry is used to register privilege interface and implementation.
registry cdctypes.InterfaceRegistry
storeKey storetypes.StoreKey
memKey storetypes.StoreKey
paramstore paramtypes.Subspace
bankKeeper types.BankKeeper
ak types.AccountKeeper
PrivilegeManager map[string]types.PrivilegeI
registry cdctypes.InterfaceRegistry
storeKey storetypes.StoreKey
memKey storetypes.StoreKey
paramstore paramtypes.Subspace
bankKeeper types.BankKeeper
ak types.AccountKeeper
PrivilegeManager map[string]types.PrivilegeI
RestrictionChecker map[string]RestrictionChecker
}
)

Expand Down Expand Up @@ -68,6 +69,12 @@ func (k *Keeper) AddPrivilege(priv types.PrivilegeI) error {
// regiester the privilege's interfaces
priv.RegisterInterfaces(k.registry)

checker, ok := priv.(RestrictionChecker)
// currently we should only support one restriction checker at a time
if ok {
k.RestrictionChecker[priv.Name()] = checker
}

return nil
}

Expand Down
6 changes: 3 additions & 3 deletions x/asset/keeper/keeper_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -106,8 +106,8 @@
}

func (m MockPrivilegeI) MsgHandler() types.MsgHandler {
return func(context context.Context, privMsg sdk.Msg, tokenID string, privAcc sdk.AccAddress) (proto.Message, error) {
typeUrl := sdk.MsgTypeURL(privMsg)
return func(context context.Context, privMsg proto.Message, tokenID string, privAcc sdk.AccAddress) (proto.Message, error) {

Check failure on line 109 in x/asset/keeper/keeper_test.go

View workflow job for this annotation

GitHub Actions / lint

cannot use (func(context context.Context, privMsg proto.Message, tokenID string, privAcc sdk.AccAddress) (proto.Message, error) literal) (value of type func(context context.Context, privMsg "github.com/gogo/protobuf/proto".Message, tokenID string, privAcc "github.com/cosmos/cosmos-sdk/types".AccAddress) ("github.com/gogo/protobuf/proto".Message, error)) as "github.com/realiotech/realio-network/x/asset/types".MsgHandler value in return statement (typecheck)
typeUrl := "/" + proto.MessageName(privMsg)
if typeUrl != sdk.MsgTypeURL(&types.MsgMock{}) {
return nil, errors.New("unsupport msg type")
}
Expand All @@ -124,7 +124,7 @@
}

func (m MockPrivilegeI) QueryHandler() types.QueryHandler {
return func(context context.Context, privQuery sdk.Msg) (proto.Message, error) {
return func(context context.Context, privQuery proto.Message, tokenID string) (proto.Message, error) {
return nil, nil
}
}
Expand Down
14 changes: 10 additions & 4 deletions x/asset/keeper/msg_server.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
import (
"context"
"fmt"
"slices"

Check failure on line 6 in x/asset/keeper/msg_server.go

View workflow job for this annotation

GitHub Actions / test (1.19.x, ubuntu-latest)

package slices is not in GOROOT (/opt/hostedtoolcache/go/1.19.13/x64/src/slices)

Check failure on line 6 in x/asset/keeper/msg_server.go

View workflow job for this annotation

GitHub Actions / Analyze

package slices is not in GOROOT (/opt/hostedtoolcache/go/1.20.2/x64/src/slices)

Check failure on line 6 in x/asset/keeper/msg_server.go

View workflow job for this annotation

GitHub Actions / test (1.20.x, ubuntu-latest)

package slices is not in GOROOT (/opt/hostedtoolcache/go/1.20.14/x64/src/slices)

Check failure on line 6 in x/asset/keeper/msg_server.go

View workflow job for this annotation

GitHub Actions / test (1.20.x, macos-latest)

package slices is not in GOROOT (/Users/runner/hostedtoolcache/go/1.20.14/arm64/src/slices)
"strings"

errorsmod "cosmossdk.io/errors"
Expand Down Expand Up @@ -47,10 +47,10 @@
k.SetToken(ctx, tokenId, token)
k.bankKeeper.SetDenomMetaData(ctx, bank.Metadata{
Base: tokenId, Symbol: lowerCaseSymbol, Name: lowerCaseName,
DenomUnits: []*bank.DenomUnit{{Denom: lowerCaseSymbol, Exponent: msg.Decimal}, {Denom: tokenId, Exponent: 0}},
DenomUnits: []*bank.DenomUnit{{Denom: tokenId, Exponent: msg.Decimal}},
})

tokenManage := types.NewTokenManagement(msg.Manager, msg.AddNewPrivilege, msg.ExcludedPrivileges)
tokenManage := types.NewTokenManagement(msg.Manager, msg.AddNewPrivilege, msg.ExcludedPrivileges, msg.EnabledPrivileges)
k.SetTokenManagement(ctx, tokenId, tokenManage)

ctx.EventManager().EmitEvent(
Expand Down Expand Up @@ -135,8 +135,13 @@
if tm.Manager != msg.Manager {
return nil, errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "sender is not token manager")
}
if slices.Contains(tm.ExcludedPrivileges, msg.Privilege) {
return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidRequest, "privilege %s is excluded", msg.Privilege)
if !slices.Contains(tm.EnabledPrivileges, msg.GetPrivilege()) {
if !tm.AddNewPrivilege {
return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidRequest, "can't add new privilege")
} else if slices.Contains(tm.ExcludedPrivileges, msg.Privilege) {
return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidRequest, "privilege %s is excluded", msg.Privilege)
}
tm.EnabledPrivileges = append(tm.EnabledPrivileges, msg.Privilege)
}

for _, user := range msg.AssignedTo {
Expand All @@ -145,6 +150,7 @@
return nil, err
}
k.SetTokenPrivilegeAccount(ctx, msg.TokenId, msg.Privilege, userAcc)
k.SetTokenManagement(ctx, msg.TokenId, tm)
}

return &types.MsgAssignPrivilegeResponse{}, nil
Expand Down
52 changes: 52 additions & 0 deletions x/asset/keeper/restriction.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
package keeper

import (
"slices"

errorsmod "cosmossdk.io/errors"
sdk "github.com/cosmos/cosmos-sdk/types"
"github.com/realiotech/realio-network/x/asset/types"
)

type RestrictionChecker interface {
IsAllow(ctx sdk.Context, tokenId string, sender string) (bool, error)
}

func (k Keeper) AssetSendRestriction(ctx sdk.Context, fromAddr, toAddr sdk.AccAddress, amt sdk.Coins) (newToAddr sdk.AccAddress, err error) {
facs95 marked this conversation as resolved.
Show resolved Hide resolved
newToAddr = toAddr
err = nil

// if no checker exist allow all sender
if len(k.RestrictionChecker) == 0 {
return newToAddr, nil
}

for _, coin := range amt {
// Check if the value already exists
// fetch bank metadata to get symbol from denom
tokenID := coin.Denom
tm, isFound := k.GetTokenManagement(
ctx,
tokenID,
)
if !isFound {
continue
}
enabledPrivileges := tm.EnabledPrivileges
for priv, restrictionChecker := range k.RestrictionChecker {
if slices.Contains(enabledPrivileges, priv) {
isAllow, err := restrictionChecker.IsAllow(ctx, tokenID, fromAddr.String())
if err != nil {
return newToAddr, err
}
if isAllow {
continue
} else { //nolint:revive // superfluous else, could fix, but not worth it?
err = errorsmod.Wrapf(types.ErrNotAuthorized, "%s is not authorized to transact with %s", fromAddr, coin.Denom)
return newToAddr, err
}
}
}
Comment on lines +36 to +49

Check warning

Code scanning / CodeQL

Iteration over map Warning

Iteration over map may be a possible source of non-determinism
}
return newToAddr, nil
}
Loading
Loading