diff --git a/app/app.go b/app/app.go index 8406c43f21..0625df5f08 100644 --- a/app/app.go +++ b/app/app.go @@ -361,6 +361,7 @@ func New( appCodec, keys[authoritytypes.StoreKey], keys[authoritytypes.MemStoreKey], + authtypes.NewModuleAddress(govtypes.ModuleName), ) app.ObserverKeeper = observerkeeper.NewKeeper( diff --git a/docs/spec/authority/messages.md b/docs/spec/authority/messages.md index a481230dd0..788e95c6f6 100644 --- a/docs/spec/authority/messages.md +++ b/docs/spec/authority/messages.md @@ -6,7 +6,7 @@ UpdatePolicies updates policies ```proto message MsgUpdatePolicies { - string authority_address = 1; + string signer = 1; Policies policies = 2; } ``` diff --git a/docs/spec/crosschain/messages.md b/docs/spec/crosschain/messages.md index f69a931598..d18adeb778 100644 --- a/docs/spec/crosschain/messages.md +++ b/docs/spec/crosschain/messages.md @@ -215,7 +215,7 @@ message MsgWhitelistERC20 { ## MsgUpdateTssAddress -Authorized: admin policy group 2. +UpdateTssAddress updates the TSS address. ```proto message MsgUpdateTssAddress { @@ -226,7 +226,7 @@ message MsgUpdateTssAddress { ## MsgMigrateTssFunds -Authorized: admin policy group 2. +MigrateTssFunds migrates the funds from the current TSS to the new TSS ```proto message MsgMigrateTssFunds { diff --git a/docs/spec/fungible/messages.md b/docs/spec/fungible/messages.md index 8b92ef5bad..696cc70631 100644 --- a/docs/spec/fungible/messages.md +++ b/docs/spec/fungible/messages.md @@ -91,7 +91,7 @@ message MsgUpdateContractBytecode { ## MsgUpdateZRC20WithdrawFee -Authorized: admin policy group 2. +UpdateZRC20WithdrawFee updates the withdraw fee and gas limit of a zrc20 token ```proto message MsgUpdateZRC20WithdrawFee { diff --git a/proto/authority/tx.proto b/proto/authority/tx.proto index 2eb05e2798..4caa8d3808 100644 --- a/proto/authority/tx.proto +++ b/proto/authority/tx.proto @@ -13,7 +13,7 @@ service Msg { // MsgUpdatePolicies defines the MsgUpdatePolicies service. message MsgUpdatePolicies { - string authority_address = 1; + string signer = 1; Policies policies = 2 [(gogoproto.nullable) = false]; } diff --git a/testutil/keeper/authority.go b/testutil/keeper/authority.go index 737c732b2a..2c599e66a3 100644 --- a/testutil/keeper/authority.go +++ b/testutil/keeper/authority.go @@ -7,13 +7,18 @@ import ( "github.com/cosmos/cosmos-sdk/store" storetypes "github.com/cosmos/cosmos-sdk/store/types" sdk "github.com/cosmos/cosmos-sdk/types" - mock "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/mock" "github.com/stretchr/testify/require" tmdb "github.com/tendermint/tm-db" + "github.com/zeta-chain/zetacore/testutil/sample" "github.com/zeta-chain/zetacore/x/authority/keeper" "github.com/zeta-chain/zetacore/x/authority/types" ) +var ( + AuthorityGovAddress = sample.Bech32AccAddress() +) + func initAuthorityKeeper( cdc codec.Codec, db *tmdb.MemDB, @@ -28,6 +33,7 @@ func initAuthorityKeeper( cdc, storeKey, memKey, + AuthorityGovAddress, ) } @@ -61,6 +67,7 @@ func AuthorityKeeper(t testing.TB) (*keeper.Keeper, sdk.Context) { cdc, storeKey, memStoreKey, + AuthorityGovAddress, ) return &k, ctx diff --git a/typescript/authority/tx_pb.d.ts b/typescript/authority/tx_pb.d.ts index 1b0c157963..47754ecd56 100644 --- a/typescript/authority/tx_pb.d.ts +++ b/typescript/authority/tx_pb.d.ts @@ -14,9 +14,9 @@ import type { Policies } from "./policies_pb.js"; */ export declare class MsgUpdatePolicies extends Message { /** - * @generated from field: string authority_address = 1; + * @generated from field: string signer = 1; */ - authorityAddress: string; + signer: string; /** * @generated from field: zetachain.zetacore.authority.Policies policies = 2; diff --git a/x/authority/keeper/keeper.go b/x/authority/keeper/keeper.go index 34fbb52781..46e8cb9bc4 100644 --- a/x/authority/keeper/keeper.go +++ b/x/authority/keeper/keeper.go @@ -15,6 +15,8 @@ type Keeper struct { cdc codec.Codec storeKey storetypes.StoreKey memKey storetypes.StoreKey + // the address capable of executing a MsgUpdatePolicies message. Typically, this should be the x/gov module account. + govAddr sdk.AccAddress } // NewKeeper creates new instances of the authority Keeper @@ -22,11 +24,13 @@ func NewKeeper( cdc codec.Codec, storeKey, memKey storetypes.StoreKey, + govAddr sdk.AccAddress, ) Keeper { return Keeper{ cdc: cdc, storeKey: storeKey, memKey: memKey, + govAddr: govAddr, } } diff --git a/x/authority/keeper/msg_server_update_policies.go b/x/authority/keeper/msg_server_update_policies.go index 5e178e76a8..e228c8cdce 100644 --- a/x/authority/keeper/msg_server_update_policies.go +++ b/x/authority/keeper/msg_server_update_policies.go @@ -3,7 +3,9 @@ package keeper import ( "context" + errorsmod "cosmossdk.io/errors" sdk "github.com/cosmos/cosmos-sdk/types" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" "github.com/zeta-chain/zetacore/x/authority/types" ) @@ -11,8 +13,17 @@ import ( func (k msgServer) UpdatePolicies(goCtx context.Context, msg *types.MsgUpdatePolicies) (*types.MsgUpdatePoliciesResponse, error) { ctx := sdk.UnwrapSDKContext(goCtx) - // TODO: check if authorized + // check called by governance + if k.govAddr.String() != msg.Signer { + return nil, errorsmod.Wrapf( + govtypes.ErrInvalidSigner, + "invalid authority, expected %s, got %s", + k.govAddr.String(), + msg.Signer, + ) + } + // set policies k.SetPolicies(ctx, msg.Policies) return &types.MsgUpdatePoliciesResponse{}, nil diff --git a/x/authority/keeper/msg_server_update_policies_test.go b/x/authority/keeper/msg_server_update_policies_test.go index b9524ba257..5a9a124a2a 100644 --- a/x/authority/keeper/msg_server_update_policies_test.go +++ b/x/authority/keeper/msg_server_update_policies_test.go @@ -3,6 +3,8 @@ package keeper_test import ( "testing" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" + sdk "github.com/cosmos/cosmos-sdk/types" "github.com/stretchr/testify/require" keepertest "github.com/zeta-chain/zetacore/testutil/keeper" @@ -12,6 +14,19 @@ import ( ) func TestMsgServer_UpdatePolicies(t *testing.T) { + t.Run("can't update policies with invalid signer", func(t *testing.T) { + k, ctx := keepertest.AuthorityKeeper(t) + msgServer := keeper.NewMsgServerImpl(*k) + + policies := sample.Policies() + + _, err := msgServer.UpdatePolicies(sdk.WrapSDKContext(ctx), &types.MsgUpdatePolicies{ + Signer: sample.AccAddress(), + Policies: policies, + }) + require.ErrorIs(t, err, govtypes.ErrInvalidSigner) + }) + t.Run("can update policies", func(t *testing.T) { k, ctx := keepertest.AuthorityKeeper(t) msgServer := keeper.NewMsgServerImpl(*k) @@ -19,8 +34,8 @@ func TestMsgServer_UpdatePolicies(t *testing.T) { policies := sample.Policies() res, err := msgServer.UpdatePolicies(sdk.WrapSDKContext(ctx), &types.MsgUpdatePolicies{ - AuthorityAddress: sample.AccAddress(), - Policies: policies, + Signer: keepertest.AuthorityGovAddress.String(), + Policies: policies, }) require.NotNil(t, res) require.NoError(t, err) diff --git a/x/authority/types/message_update_policies.go b/x/authority/types/message_update_policies.go index 5822dce148..e34a7fb6c3 100644 --- a/x/authority/types/message_update_policies.go +++ b/x/authority/types/message_update_policies.go @@ -10,10 +10,10 @@ const TypeMsgUpdatePolicies = "UpdatePolicies" var _ sdk.Msg = &MsgUpdatePolicies{} -func NewMsgUpdatePolicies(creator string, policies Policies) *MsgUpdatePolicies { +func NewMsgUpdatePolicies(signer string, policies Policies) *MsgUpdatePolicies { return &MsgUpdatePolicies{ - AuthorityAddress: creator, - Policies: policies, + Signer: signer, + Policies: policies, } } @@ -26,7 +26,7 @@ func (msg *MsgUpdatePolicies) Type() string { } func (msg *MsgUpdatePolicies) GetSigners() []sdk.AccAddress { - creator, err := sdk.AccAddressFromBech32(msg.AuthorityAddress) + creator, err := sdk.AccAddressFromBech32(msg.Signer) if err != nil { panic(err) } @@ -39,9 +39,9 @@ func (msg *MsgUpdatePolicies) GetSignBytes() []byte { } func (msg *MsgUpdatePolicies) ValidateBasic() error { - _, err := sdk.AccAddressFromBech32(msg.AuthorityAddress) + _, err := sdk.AccAddressFromBech32(msg.Signer) if err != nil { - return errorsmod.Wrapf(sdkerrors.ErrInvalidAddress, "invalid creator address (%s)", err) + return errorsmod.Wrapf(sdkerrors.ErrInvalidAddress, "invalid signer address (%s)", err) } if err := msg.Policies.Validate(); err != nil { diff --git a/x/authority/types/tx.pb.go b/x/authority/types/tx.pb.go index bb1b4489da..1f109e4e3d 100644 --- a/x/authority/types/tx.pb.go +++ b/x/authority/types/tx.pb.go @@ -31,8 +31,8 @@ const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package // MsgUpdatePolicies defines the MsgUpdatePolicies service. type MsgUpdatePolicies struct { - AuthorityAddress string `protobuf:"bytes,1,opt,name=authority_address,json=authorityAddress,proto3" json:"authority_address,omitempty"` - Policies Policies `protobuf:"bytes,2,opt,name=policies,proto3" json:"policies"` + Signer string `protobuf:"bytes,1,opt,name=signer,proto3" json:"signer,omitempty"` + Policies Policies `protobuf:"bytes,2,opt,name=policies,proto3" json:"policies"` } func (m *MsgUpdatePolicies) Reset() { *m = MsgUpdatePolicies{} } @@ -68,9 +68,9 @@ func (m *MsgUpdatePolicies) XXX_DiscardUnknown() { var xxx_messageInfo_MsgUpdatePolicies proto.InternalMessageInfo -func (m *MsgUpdatePolicies) GetAuthorityAddress() string { +func (m *MsgUpdatePolicies) GetSigner() string { if m != nil { - return m.AuthorityAddress + return m.Signer } return "" } @@ -127,24 +127,24 @@ func init() { func init() { proto.RegisterFile("authority/tx.proto", fileDescriptor_dccbf6440c31743d) } var fileDescriptor_dccbf6440c31743d = []byte{ - // 269 bytes of a gzipped FileDescriptorProto + // 260 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x4a, 0x2c, 0x2d, 0xc9, 0xc8, 0x2f, 0xca, 0x2c, 0xa9, 0xd4, 0x2f, 0xa9, 0xd0, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x92, 0xa9, 0x4a, 0x2d, 0x49, 0x4c, 0xce, 0x48, 0xcc, 0xcc, 0xd3, 0x03, 0xb3, 0xf2, 0x8b, 0x52, 0xf5, 0xe0, 0xca, 0xa4, 0x24, 0x10, 0x3a, 0x0a, 0xf2, 0x73, 0x32, 0x93, 0x33, 0x53, 0x8b, 0x21, 0xfa, - 0xa4, 0x44, 0xd2, 0xf3, 0xd3, 0xf3, 0xc1, 0x4c, 0x7d, 0x10, 0x0b, 0x22, 0xaa, 0xd4, 0xc5, 0xc8, - 0x25, 0xe8, 0x5b, 0x9c, 0x1e, 0x5a, 0x90, 0x92, 0x58, 0x92, 0x1a, 0x00, 0xd5, 0x21, 0xa4, 0xcd, - 0x25, 0x08, 0x37, 0x27, 0x3e, 0x31, 0x25, 0xa5, 0x28, 0xb5, 0xb8, 0x58, 0x82, 0x51, 0x81, 0x51, - 0x83, 0x33, 0x48, 0x00, 0x2e, 0xe1, 0x08, 0x11, 0x17, 0xf2, 0xe0, 0xe2, 0x80, 0x59, 0x25, 0xc1, - 0xa4, 0xc0, 0xa8, 0xc1, 0x6d, 0xa4, 0xa6, 0x87, 0xcf, 0x8d, 0x7a, 0x30, 0x6b, 0x9c, 0x58, 0x4e, - 0xdc, 0x93, 0x67, 0x08, 0x82, 0xeb, 0x56, 0x92, 0xe6, 0x92, 0xc4, 0x70, 0x4b, 0x50, 0x6a, 0x71, - 0x41, 0x7e, 0x5e, 0x71, 0xaa, 0x51, 0x23, 0x23, 0x17, 0xb3, 0x6f, 0x71, 0xba, 0x50, 0x15, 0x17, - 0x1f, 0x9a, 0x6b, 0xf5, 0xf1, 0x5b, 0x87, 0x61, 0xa4, 0x94, 0x39, 0x89, 0x1a, 0x60, 0x6e, 0x70, - 0xf2, 0x3a, 0xf1, 0x48, 0x8e, 0xf1, 0xc2, 0x23, 0x39, 0xc6, 0x07, 0x8f, 0xe4, 0x18, 0x27, 0x3c, - 0x96, 0x63, 0xb8, 0xf0, 0x58, 0x8e, 0xe1, 0xc6, 0x63, 0x39, 0x86, 0x28, 0x83, 0xf4, 0xcc, 0x92, - 0x8c, 0xd2, 0x24, 0xbd, 0xe4, 0xfc, 0x5c, 0x7d, 0x90, 0x91, 0xba, 0x60, 0xd3, 0xf5, 0x61, 0xa6, - 0xeb, 0x57, 0xe8, 0x23, 0x45, 0x65, 0x65, 0x41, 0x6a, 0x71, 0x12, 0x1b, 0x38, 0x02, 0x8c, 0x01, - 0x01, 0x00, 0x00, 0xff, 0xff, 0xa1, 0x71, 0x71, 0xb7, 0xe4, 0x01, 0x00, 0x00, + 0xa4, 0x44, 0xd2, 0xf3, 0xd3, 0xf3, 0xc1, 0x4c, 0x7d, 0x10, 0x0b, 0x22, 0xaa, 0x54, 0xca, 0x25, + 0xe8, 0x5b, 0x9c, 0x1e, 0x5a, 0x90, 0x92, 0x58, 0x92, 0x1a, 0x00, 0xd5, 0x20, 0x24, 0xc6, 0xc5, + 0x56, 0x9c, 0x99, 0x9e, 0x97, 0x5a, 0x24, 0xc1, 0xa8, 0xc0, 0xa8, 0xc1, 0x19, 0x04, 0xe5, 0x09, + 0x79, 0x70, 0x71, 0xc0, 0x0c, 0x95, 0x60, 0x52, 0x60, 0xd4, 0xe0, 0x36, 0x52, 0xd3, 0xc3, 0xe7, + 0x1a, 0x3d, 0x98, 0x89, 0x4e, 0x2c, 0x27, 0xee, 0xc9, 0x33, 0x04, 0xc1, 0x75, 0x2b, 0x49, 0x73, + 0x49, 0x62, 0x58, 0x1b, 0x94, 0x5a, 0x5c, 0x90, 0x9f, 0x57, 0x9c, 0x6a, 0xd4, 0xc8, 0xc8, 0xc5, + 0xec, 0x5b, 0x9c, 0x2e, 0x54, 0xc5, 0xc5, 0x87, 0xe6, 0x30, 0x7d, 0xfc, 0xd6, 0x61, 0x18, 0x29, + 0x65, 0x4e, 0xa2, 0x06, 0x98, 0x1b, 0x9c, 0xbc, 0x4e, 0x3c, 0x92, 0x63, 0xbc, 0xf0, 0x48, 0x8e, + 0xf1, 0xc1, 0x23, 0x39, 0xc6, 0x09, 0x8f, 0xe5, 0x18, 0x2e, 0x3c, 0x96, 0x63, 0xb8, 0xf1, 0x58, + 0x8e, 0x21, 0xca, 0x20, 0x3d, 0xb3, 0x24, 0xa3, 0x34, 0x49, 0x2f, 0x39, 0x3f, 0x57, 0x1f, 0x64, + 0xa4, 0x2e, 0xd8, 0x74, 0x7d, 0x98, 0xe9, 0xfa, 0x15, 0xfa, 0x48, 0x91, 0x56, 0x59, 0x90, 0x5a, + 0x9c, 0xc4, 0x06, 0x0e, 0x6a, 0x63, 0x40, 0x00, 0x00, 0x00, 0xff, 0xff, 0xf1, 0x8b, 0x6c, 0x4f, + 0xce, 0x01, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -257,10 +257,10 @@ func (m *MsgUpdatePolicies) MarshalToSizedBuffer(dAtA []byte) (int, error) { } i-- dAtA[i] = 0x12 - if len(m.AuthorityAddress) > 0 { - i -= len(m.AuthorityAddress) - copy(dAtA[i:], m.AuthorityAddress) - i = encodeVarintTx(dAtA, i, uint64(len(m.AuthorityAddress))) + if len(m.Signer) > 0 { + i -= len(m.Signer) + copy(dAtA[i:], m.Signer) + i = encodeVarintTx(dAtA, i, uint64(len(m.Signer))) i-- dAtA[i] = 0xa } @@ -307,7 +307,7 @@ func (m *MsgUpdatePolicies) Size() (n int) { } var l int _ = l - l = len(m.AuthorityAddress) + l = len(m.Signer) if l > 0 { n += 1 + l + sovTx(uint64(l)) } @@ -362,7 +362,7 @@ func (m *MsgUpdatePolicies) Unmarshal(dAtA []byte) error { switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AuthorityAddress", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Signer", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -390,7 +390,7 @@ func (m *MsgUpdatePolicies) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.AuthorityAddress = string(dAtA[iNdEx:postIndex]) + m.Signer = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { diff --git a/x/crosschain/keeper/gas_payment_test.go b/x/crosschain/keeper/gas_payment_test.go index fc67a5bfc9..8ed31d8a46 100644 --- a/x/crosschain/keeper/gas_payment_test.go +++ b/x/crosschain/keeper/gas_payment_test.go @@ -1,11 +1,12 @@ package keeper_test import ( - "github.com/zeta-chain/zetacore/testutil/sample" - observertypes "github.com/zeta-chain/zetacore/x/observer/types" "math/big" "testing" + "github.com/zeta-chain/zetacore/testutil/sample" + observertypes "github.com/zeta-chain/zetacore/x/observer/types" + "cosmossdk.io/math" "github.com/stretchr/testify/require" diff --git a/x/crosschain/keeper/msg_server_update_tss.go b/x/crosschain/keeper/msg_server_update_tss.go index 1031f830b8..be9c6a8595 100644 --- a/x/crosschain/keeper/msg_server_update_tss.go +++ b/x/crosschain/keeper/msg_server_update_tss.go @@ -2,6 +2,7 @@ package keeper import ( "context" + authoritytypes "github.com/zeta-chain/zetacore/x/authority/types" errorsmod "cosmossdk.io/errors" diff --git a/x/crosschain/keeper/msg_server_whitelist_erc20.go b/x/crosschain/keeper/msg_server_whitelist_erc20.go index 9fff534bf0..e269f2312a 100644 --- a/x/crosschain/keeper/msg_server_whitelist_erc20.go +++ b/x/crosschain/keeper/msg_server_whitelist_erc20.go @@ -3,9 +3,10 @@ package keeper import ( "context" "fmt" - authoritytypes "github.com/zeta-chain/zetacore/x/authority/types" "math/big" + authoritytypes "github.com/zeta-chain/zetacore/x/authority/types" + errorsmod "cosmossdk.io/errors" "cosmossdk.io/math" diff --git a/x/crosschain/keeper/msg_server_whitelist_erc20_test.go b/x/crosschain/keeper/msg_server_whitelist_erc20_test.go index 86586deb2c..7f13a25611 100644 --- a/x/crosschain/keeper/msg_server_whitelist_erc20_test.go +++ b/x/crosschain/keeper/msg_server_whitelist_erc20_test.go @@ -2,9 +2,10 @@ package keeper_test import ( "fmt" - authoritytypes "github.com/zeta-chain/zetacore/x/authority/types" "testing" + authoritytypes "github.com/zeta-chain/zetacore/x/authority/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" ethcommon "github.com/ethereum/go-ethereum/common" "github.com/stretchr/testify/require"