fix(ante): prevent nested withdraw delegator rewards (#201)

strangelove-ventures · Jul 20, 2024 · 3595e3d · 3595e3d
1 parent 93d500b
commit 3595e3d
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 0 deletions.
diff --git a/ante/disable_withdraw_delegator_rewards.go b/ante/disable_withdraw_delegator_rewards.go
@@ -2,6 +2,7 @@ package poaante
 
 import (
 	sdk "github.com/cosmos/cosmos-sdk/types"
+	"github.com/cosmos/cosmos-sdk/x/authz"
 	distrtypes "github.com/cosmos/cosmos-sdk/x/distribution/types"
 
 	"github.com/strangelove-ventures/poa"
@@ -30,6 +31,18 @@ func (mdwr MsgDisableWithdrawDelegatorRewards) AnteHandle(ctx sdk.Context, tx sd
 
 func (mdwr MsgDisableWithdrawDelegatorRewards) hasWithdrawDelegatorRewardsMsg(msgs []sdk.Msg) bool {
 	for _, msg := range msgs {
+		// authz nested message check (recursive)
+		if execMsg, ok := msg.(*authz.MsgExec); ok {
+			msgs, err := execMsg.GetMessages()
+			if err != nil {
+				return true
+			}
+
+			if mdwr.hasWithdrawDelegatorRewardsMsg(msgs) {
+				return true
+			}
+		}
+
 		if _, ok := msg.(*distrtypes.MsgWithdrawDelegatorReward); ok {
 			return true
 		}

diff --git a/e2e/helpers/distribution.go b/e2e/helpers/distribution.go
@@ -0,0 +1,15 @@
+package helpers
+
+import (
+	"context"
+	"testing"
+
+	sdk "github.com/cosmos/cosmos-sdk/types"
+	"github.com/strangelove-ventures/interchaintest/v8/chain/cosmos"
+	"github.com/strangelove-ventures/interchaintest/v8/ibc"
+)
+
+func WithdrawDelegatorRewards(t *testing.T, ctx context.Context, chain *cosmos.CosmosChain, user ibc.Wallet, valoper string) (sdk.TxResponse, error) {
+	cmd := TxCommandBuilder(ctx, chain, []string{"tx", "distribution", "withdraw-rewards", valoper}, user.KeyName())
+	return ExecuteTransaction(ctx, chain, cmd)
+}
diff --git a/e2e/poa_test.go b/e2e/poa_test.go
@@ -46,6 +46,7 @@ func TestPOABase(t *testing.T) {
 
 	// === Test Cases ===
 	testStakingDisabled(t, ctx, chain, validators, acc0, acc1)
+	testWithdrawDelegatorRewardsDisabled(t, ctx, chain, validators, acc0, acc1)
 	testPowerErrors(t, ctx, chain, validators, incorrectUser, acc0)
 	testRemovePending(t, ctx, chain, acc0)
 }
@@ -74,6 +75,31 @@ func testStakingDisabled(t *testing.T, ctx context.Context, chain *cosmos.Cosmos
 	require.Contains(t, res.RawLog, poa.ErrStakingActionNotAllowed.Error())
 }
 
+func testWithdrawDelegatorRewardsDisabled(t *testing.T, ctx context.Context, chain *cosmos.CosmosChain, validators []string, acc0, acc1 ibc.Wallet) {
+	t.Log("\n===== TEST WITHDRAW DELEGATOR REWARDS DISABLED =====")
+
+	// Normal withdraw delegation rewards execution fails
+	txRes, _ := helpers.WithdrawDelegatorRewards(t, ctx, chain, acc0, validators[0])
+	require.Contains(t, txRes.RawLog, poa.ErrWithdrawDelegatorRewardsNotAllowed.Error())
+
+	granter := acc1
+	grantee := acc0
+
+	// Grant grantee (acc0) the ability to delegate from granter (acc1)
+	res, err := helpers.ExecuteAuthzGrantMsg(t, ctx, chain, granter, grantee, "/cosmos.distribution.v1beta1.MsgWithdrawDelegatorReward")
+	require.NoError(t, err)
+	require.EqualValues(t, res.Code, 0)
+
+	// Generate nested message
+	nested := []string{"tx", "distribution", "withdraw-rewards", validators[0]}
+	nestedCmd := helpers.TxCommandBuilder(ctx, chain, nested, granter.FormattedAddress())
+
+	// Execute nested message via a wrapped Exec
+	res, err = helpers.ExecuteAuthzExecMsg(t, ctx, chain, grantee, nestedCmd)
+	require.NoError(t, err)
+	require.Contains(t, res.RawLog, poa.ErrWithdrawDelegatorRewardsNotAllowed.Error())
+}
+
 func testRemovePending(t *testing.T, ctx context.Context, chain *cosmos.CosmosChain, acc0 ibc.Wallet) {
 	t.Log("\n===== TEST PENDING =====")