Skip to content

Commit

Permalink
Merge pull request from GHSA-j658-c98j-fww4 (cosmos#1126)
Browse files Browse the repository at this point in the history
Co-authored-by: Carlos Rodriguez <[email protected]>

Co-authored-by: Carlos Rodriguez <[email protected]>
  • Loading branch information
Carlos Rodriguez and crodriguezvega authored Mar 15, 2022
1 parent 712351f commit bfb7685
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 0 deletions.
4 changes: 4 additions & 0 deletions modules/apps/transfer/keeper/relay.go
Original file line number Diff line number Diff line change
Expand Up @@ -239,6 +239,10 @@ func (k Keeper) OnRecvPacket(ctx sdk.Context, packet channeltypes.Packet, data t
}
token := sdk.NewCoin(denom, transferAmount)

if k.bankKeeper.BlockedAddr(receiver) {
return sdkerrors.Wrapf(sdkerrors.ErrUnauthorized, "%s is not allowed to receive funds", receiver)
}

// unescrow tokens
escrowAddress := types.GetEscrowAddress(packet.GetDestPort(), packet.GetDestChannel())
if err := k.bankKeeper.SendCoins(ctx, escrowAddress, receiver, sdk.NewCoins(token)); err != nil {
Expand Down
10 changes: 10 additions & 0 deletions modules/apps/transfer/keeper/relay_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -167,6 +167,16 @@ func (suite *KeeperTestSuite) TestOnRecvPacket() {
{"tries to unescrow more tokens than allowed", func() {
amount = sdk.NewInt(1000000)
}, true, false},

// - coin being sent to module address on chainA
{"failure: receive on module account", func() {
receiver = suite.chainA.GetSimApp().AccountKeeper.GetModuleAddress(types.ModuleName).String()
}, false, false},

// - coin being sent back to original chain (chainB) to module address
{"failure: receive on module account on source chain", func() {
receiver = suite.chainB.GetSimApp().AccountKeeper.GetModuleAddress(types.ModuleName).String()
}, true, false},
}

for _, tc := range testCases {
Expand Down
1 change: 1 addition & 0 deletions modules/apps/transfer/types/expected_keepers.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ type BankKeeper interface {
BurnCoins(ctx sdk.Context, moduleName string, amt sdk.Coins) error
SendCoinsFromModuleToAccount(ctx sdk.Context, senderModule string, recipientAddr sdk.AccAddress, amt sdk.Coins) error
SendCoinsFromAccountToModule(ctx sdk.Context, senderAddr sdk.AccAddress, recipientModule string, amt sdk.Coins) error
BlockedAddr(addr sdk.AccAddress) bool
}

// ChannelKeeper defines the expected IBC channel keeper
Expand Down

0 comments on commit bfb7685

Please sign in to comment.