Fix/authz #379
Draft
Fix/authz #379
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This pull request implements a critical security fix by introducing the AuthzLimiterDecorator to prevent dangerous contract-related messages from being executed via the Cosmos SDK authz module, addressing a vulnerability where malicious actors could bypass ante handlers.
- Added
AuthzLimiterDecoratorthat blocks specific dangerous message types from being nested insideauthz.MsgExectransactions - Integrated the decorator into the ante handler chain to enforce restrictions during transaction processing
- Implemented comprehensive testing to verify the security fix works correctly
Reviewed Changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| app/authz_ante.go | Core implementation of AuthzLimiterDecorator with message validation logic |
| app/ante.go | Integration of the new decorator into the ante handler chain with restricted message types |
| app/authz_ante_test.go | Unit tests verifying decorator functionality for both allowed and restricted messages |
| app/authz_integration_test.go | Integration tests demonstrating vulnerability prevention and comprehensive message type blocking |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
Co-authored-by: Copilot <[email protected]> Signed-off-by: TwiceBurnt <[email protected]>
Co-authored-by: Copilot <[email protected]> Signed-off-by: TwiceBurnt <[email protected]>
|
Converting to Draft to avoid accidental merge |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request introduces a new security mechanism to prevent dangerous contract-related messages from being executed via the Cosmos SDK
authzmodule, addressing a critical vulnerability. The main addition is theAuthzLimiterDecorator, which blocks specific message types (such as contract execution and management) from being nested insideauthz.MsgExectransactions. Comprehensive unit and integration tests are included to ensure the decorator works as intended and does not interfere with legitimate authz operations.Security hardening:
AuthzLimiterDecoratorinapp/authz_ante.goto prevent execution of dangerous message types (e.g., contract execution, instantiation, migration, admin updates) viaauthz.MsgExec, mitigating a known bypass vulnerability.AuthzLimiterDecoratorinto the ante handler chain inapp/ante.goto enforce these restrictions during transaction processing.Testing and verification:
app/authz_ante_test.goto verify that restricted message types are blocked and legitimate messages are allowed by the decorator.app/authz_integration_test.goto demonstrate that the decorator prevents the reported vulnerability and blocks all dangerous contract-related message types, while allowing safe authz operations.