From bcc1e6777df146a2bb57590a01c02e4077cc4acc Mon Sep 17 00:00:00 2001
From: Joel Smith <joelsmith.2019@gmail.com>
Date: Thu, 12 Sep 2024 15:45:20 -0500
Subject: [PATCH] Add Wormhole Module Unit Tests

---
 wormchain/x/wormhole/keeper/allowlist_test.go |  90 +++++++
 .../keeper/grpc_query_allowlist_test.go       |  64 +++++
 .../grpc_query_ibc_composability_mw_test.go   |  36 +++
 ...pc_query_latest_guardian_set_index_test.go |  47 ++++
 ...c_query_wasm_instantiate_allowlist_test.go |  39 +++
 .../keeper/ibc_composability_mw_test.go       |  29 +++
 ..._server_wasm_instantiate_allowlist_test.go | 226 ++++++++++++++++++
 7 files changed, 531 insertions(+)
 create mode 100644 wormchain/x/wormhole/keeper/allowlist_test.go
 create mode 100644 wormchain/x/wormhole/keeper/grpc_query_allowlist_test.go
 create mode 100644 wormchain/x/wormhole/keeper/grpc_query_ibc_composability_mw_test.go
 create mode 100644 wormchain/x/wormhole/keeper/grpc_query_latest_guardian_set_index_test.go
 create mode 100644 wormchain/x/wormhole/keeper/grpc_query_wasm_instantiate_allowlist_test.go
 create mode 100644 wormchain/x/wormhole/keeper/ibc_composability_mw_test.go
 create mode 100644 wormchain/x/wormhole/keeper/msg_server_wasm_instantiate_allowlist_test.go

diff --git a/wormchain/x/wormhole/keeper/allowlist_test.go b/wormchain/x/wormhole/keeper/allowlist_test.go
new file mode 100644
index 0000000000..3da54e9257
--- /dev/null
+++ b/wormchain/x/wormhole/keeper/allowlist_test.go
@@ -0,0 +1,90 @@
+package keeper_test
+
+import (
+	"testing"
+
+	sdk "github.com/cosmos/cosmos-sdk/types"
+	"github.com/stretchr/testify/require"
+	keepertest "github.com/wormhole-foundation/wormchain/testutil/keeper"
+	"github.com/wormhole-foundation/wormchain/x/wormhole/types"
+	"github.com/wormhole-foundation/wormhole/sdk/vaa"
+)
+
+// TestAllowedAddressStore tests the setting, getting, and removing of allowed addresses
+func TestAllowedAddressStore(t *testing.T) {
+	k, ctx := keepertest.WormholeKeeper(t)
+
+	value := types.ValidatorAllowedAddress{
+		ValidatorAddress: "wormhole1du4amsmvx8yqr8whw7qc5m3c0zpwknmzelwqy6",
+		AllowedAddress:   "wormhole13ztxpktzsng3ewkepe2w39ugxzfdf23teptu9n",
+		Name:             "User1",
+	}
+
+	// Set validator allowed list
+	k.SetValidatorAllowedAddress(ctx, value)
+
+	// Check if address exists
+	hasAddr := k.HasValidatorAllowedAddress(ctx, value.AllowedAddress)
+	require.True(t, hasAddr)
+
+	// Check faulty address - does not exist
+	hasAddr = k.HasValidatorAllowedAddress(ctx, "invalid")
+	require.False(t, hasAddr)
+
+	// Retrieve & validate
+	res := k.GetValidatorAllowedAddress(ctx, value.AllowedAddress)
+	require.Equal(t, value.ValidatorAddress, res.ValidatorAddress)
+	require.Equal(t, value.AllowedAddress, res.AllowedAddress)
+	require.Equal(t, value.Name, res.Name)
+
+	// Get all allowed addresses
+	addrList := k.GetAllAllowedAddresses(ctx)
+	require.Equal(t, 1, len(addrList))
+	res = addrList[0]
+	require.Equal(t, value.ValidatorAddress, res.ValidatorAddress)
+	require.Equal(t, value.AllowedAddress, res.AllowedAddress)
+	require.Equal(t, value.Name, res.Name)
+
+	// Remove address
+	k.RemoveValidatorAllowedAddress(ctx, value.AllowedAddress)
+
+	// Check if address exists
+	hasAddr = k.HasValidatorAllowedAddress(ctx, value.AllowedAddress)
+	require.False(t, hasAddr)
+}
+
+func TestValidatorAsAllowedAddress(t *testing.T) {
+	k, ctx := keepertest.WormholeKeeper(t)
+
+	// Create guardian set
+	guardians, _ := createNGuardianValidator(k, ctx, 10)
+	k.SetConfig(ctx, types.Config{
+		GovernanceEmitter:     vaa.GovernanceEmitter[:],
+		GovernanceChain:       uint32(vaa.GovernanceChain),
+		ChainId:               uint32(vaa.ChainIDWormchain),
+		GuardianSetExpiration: 86400,
+	})
+
+	createNewGuardianSet(k, ctx, guardians)
+	k.SetConsensusGuardianSetIndex(ctx, types.ConsensusGuardianSetIndex{
+		Index: 0,
+	})
+
+	// Get validator addr
+	addr, err := sdk.Bech32ifyAddressBytes("wormhole", guardians[0].ValidatorAddr)
+	require.NoError(t, err)
+
+	// Check if validator belongs to a guardian
+	_, found := k.GetGuardianValidatorByValidatorAddress(ctx, addr)
+	require.True(t, found)
+
+	// Check if validator is a current/future validator
+	isVal := k.IsAddressValidatorOrFutureValidator(ctx, addr)
+	require.True(t, isVal)
+
+	// Check invalid addresses
+	_, found = k.GetGuardianValidatorByValidatorAddress(ctx, "wormhole13ztxpktzsng3ewkepe2w39ugxzfdf23teptu9n")
+	require.False(t, found)
+	isVal = k.IsAddressValidatorOrFutureValidator(ctx, "wormhole13ztxpktzsng3ewkepe2w39ugxzfdf23teptu9n")
+	require.False(t, isVal)
+}
diff --git a/wormchain/x/wormhole/keeper/grpc_query_allowlist_test.go b/wormchain/x/wormhole/keeper/grpc_query_allowlist_test.go
new file mode 100644
index 0000000000..0095e04852
--- /dev/null
+++ b/wormchain/x/wormhole/keeper/grpc_query_allowlist_test.go
@@ -0,0 +1,64 @@
+package keeper_test
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	keepertest "github.com/wormhole-foundation/wormchain/testutil/keeper"
+	"github.com/wormhole-foundation/wormchain/x/wormhole/types"
+)
+
+// TestQueryAllowlist tests the allow list queries
+func TestQueryAllowlist(t *testing.T) {
+	k, ctx := keepertest.WormholeKeeper(t)
+
+	// Check if no allowlist exists
+	res, err := k.AllowlistAll(ctx, &types.QueryAllValidatorAllowlist{})
+	require.NoError(t, err)
+	require.NotNil(t, res)
+	require.Equal(t, 0, len(res.Allowlist))
+
+	value := types.ValidatorAllowedAddress{
+		ValidatorAddress: "wormhole1du4amsmvx8yqr8whw7qc5m3c0zpwknmzelwqy6",
+		AllowedAddress:   "wormhole13ztxpktzsng3ewkepe2w39ugxzfdf23teptu9n",
+		Name:             "User1",
+	}
+
+	// Set validator allowed list
+	k.SetValidatorAllowedAddress(ctx, value)
+
+	// Query all allow lists
+	res, err = k.AllowlistAll(ctx, &types.QueryAllValidatorAllowlist{})
+	require.NoError(t, err)
+	require.NotNil(t, res)
+	require.Equal(t, 1, len(res.Allowlist))
+	require.Equal(t, value.ValidatorAddress, res.Allowlist[0].ValidatorAddress)
+	require.Equal(t, value.AllowedAddress, res.Allowlist[0].AllowedAddress)
+	require.Equal(t, value.Name, res.Allowlist[0].Name)
+
+	// Invalid query all
+	_, err = k.Allowlist(ctx, nil)
+	require.Error(t, err)
+
+	// Query allow list by address
+	res2, err := k.Allowlist(ctx, &types.QueryValidatorAllowlist{
+		ValidatorAddress: value.ValidatorAddress,
+	})
+	require.NoError(t, err)
+	require.NotNil(t, res2)
+	require.Equal(t, 1, len(res2.Allowlist))
+	require.Equal(t, value.ValidatorAddress, res2.Allowlist[0].ValidatorAddress)
+	require.Equal(t, value.AllowedAddress, res2.Allowlist[0].AllowedAddress)
+
+	// Query with nil request
+	_, err = k.Allowlist(ctx, nil)
+	require.Error(t, err)
+
+	// Query invalid address
+	res2, err = k.Allowlist(ctx, &types.QueryValidatorAllowlist{
+		ValidatorAddress: "invalid",
+	})
+	require.NoError(t, err)
+	require.NotNil(t, res2)
+	require.Equal(t, 0, len(res2.Allowlist))
+}
diff --git a/wormchain/x/wormhole/keeper/grpc_query_ibc_composability_mw_test.go b/wormchain/x/wormhole/keeper/grpc_query_ibc_composability_mw_test.go
new file mode 100644
index 0000000000..3d96bc445b
--- /dev/null
+++ b/wormchain/x/wormhole/keeper/grpc_query_ibc_composability_mw_test.go
@@ -0,0 +1,36 @@
+package keeper_test
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	keepertest "github.com/wormhole-foundation/wormchain/testutil/keeper"
+	"github.com/wormhole-foundation/wormchain/x/wormhole/types"
+)
+
+// TestQueryIbcComposabilityMwContract tests querying of the IbcComposabilityMwContract
+func TestQueryIbcComposabilityMwContract(t *testing.T) {
+	k, ctx := keepertest.WormholeKeeper(t)
+
+	// Invalid query with nil request
+	_, err := k.IbcComposabilityMwContract(ctx, nil)
+	require.Error(t, err)
+
+	// Query when no contract is set
+	res, err := k.IbcComposabilityMwContract(ctx, &types.QueryIbcComposabilityMwContractRequest{})
+	require.NoError(t, err)
+	require.NotNil(t, res)
+	require.Equal(t, "", res.ContractAddress)
+
+	// Set the contract in state store
+	contractAddr := "wormhole1du4amsmvx8yqr8whw7qc5m3c0zpwknmzelwqy6"
+	k.StoreIbcComposabilityMwContract(ctx, types.IbcComposabilityMwContract{
+		ContractAddress: contractAddr,
+	})
+
+	// Query IbcComposabilityMwContract
+	res, err = k.IbcComposabilityMwContract(ctx, &types.QueryIbcComposabilityMwContractRequest{})
+	require.NoError(t, err)
+	require.NotNil(t, res)
+	require.Equal(t, contractAddr, res.ContractAddress)
+}
diff --git a/wormchain/x/wormhole/keeper/grpc_query_latest_guardian_set_index_test.go b/wormchain/x/wormhole/keeper/grpc_query_latest_guardian_set_index_test.go
new file mode 100644
index 0000000000..827f43c8f9
--- /dev/null
+++ b/wormchain/x/wormhole/keeper/grpc_query_latest_guardian_set_index_test.go
@@ -0,0 +1,47 @@
+package keeper_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	keepertest "github.com/wormhole-foundation/wormchain/testutil/keeper"
+	"github.com/wormhole-foundation/wormchain/x/wormhole/types"
+	"github.com/wormhole-foundation/wormhole/sdk/vaa"
+)
+
+// TestLatestGuardianSetIndex tests the querying of the latest guardian set index
+func TestLatestGuardianSetIndex(t *testing.T) {
+	k, ctx := keepertest.WormholeKeeper(t)
+
+	// Invalid query with nil request
+	_, err := k.LatestGuardianSetIndex(ctx, nil)
+	require.Error(t, err)
+
+	// Query the latest guardian set index - should be empty
+	res, err := k.LatestGuardianSetIndex(ctx, &types.QueryLatestGuardianSetIndexRequest{})
+	require.NoError(t, err)
+	require.NotNil(t, res)
+	fmt.Println(res)
+	require.Equal(t, uint32(0xffffffff), res.LatestGuardianSetIndex)
+
+	// Create guardian set
+	guardians, _ := createNGuardianValidator(k, ctx, 10)
+	k.SetConfig(ctx, types.Config{
+		GovernanceEmitter:     vaa.GovernanceEmitter[:],
+		GovernanceChain:       uint32(vaa.GovernanceChain),
+		ChainId:               uint32(vaa.ChainIDWormchain),
+		GuardianSetExpiration: 86400,
+	})
+
+	createNewGuardianSet(k, ctx, guardians)
+	k.SetConsensusGuardianSetIndex(ctx, types.ConsensusGuardianSetIndex{
+		Index: 0,
+	})
+
+	// Query the latest guardian set index - after population
+	res, err = k.LatestGuardianSetIndex(ctx, &types.QueryLatestGuardianSetIndexRequest{})
+	require.NoError(t, err)
+	require.NotNil(t, res)
+	require.Equal(t, uint32(0), res.LatestGuardianSetIndex)
+}
diff --git a/wormchain/x/wormhole/keeper/grpc_query_wasm_instantiate_allowlist_test.go b/wormchain/x/wormhole/keeper/grpc_query_wasm_instantiate_allowlist_test.go
new file mode 100644
index 0000000000..02b4e124e7
--- /dev/null
+++ b/wormchain/x/wormhole/keeper/grpc_query_wasm_instantiate_allowlist_test.go
@@ -0,0 +1,39 @@
+package keeper_test
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	keepertest "github.com/wormhole-foundation/wormchain/testutil/keeper"
+	"github.com/wormhole-foundation/wormchain/x/wormhole/types"
+)
+
+// TestWasmInstantiateAllowlistAll tests the querying of the wasm instantiate allow list
+func TestWasmInstantiateAllowlistAll(t *testing.T) {
+	k, ctx := keepertest.WormholeKeeper(t)
+
+	// Query with nil request
+	_, err := k.WasmInstantiateAllowlistAll(ctx, nil)
+	require.Error(t, err)
+
+	// Query with no contracts
+	res, err := k.WasmInstantiateAllowlistAll(ctx, &types.QueryAllWasmInstantiateAllowlist{})
+	require.NoError(t, err)
+	require.NotNil(t, res)
+	require.Equal(t, 0, len(res.Allowlist))
+
+	// Set contract in allow list
+	contract := types.WasmInstantiateAllowedContractCodeId{
+		ContractAddress: "wormhole1du4amsmvx8yqr8whw7qc5m3c0zpwknmzelwqy6",
+		CodeId:          1,
+	}
+	k.SetWasmInstantiateAllowlist(ctx, contract)
+
+	// Query all allow lists
+	res, err = k.WasmInstantiateAllowlistAll(ctx, &types.QueryAllWasmInstantiateAllowlist{})
+	require.NoError(t, err)
+	require.NotNil(t, res)
+	require.Equal(t, 1, len(res.Allowlist))
+	require.Equal(t, contract.ContractAddress, res.Allowlist[0].ContractAddress)
+	require.Equal(t, contract.CodeId, res.Allowlist[0].CodeId)
+}
diff --git a/wormchain/x/wormhole/keeper/ibc_composability_mw_test.go b/wormchain/x/wormhole/keeper/ibc_composability_mw_test.go
new file mode 100644
index 0000000000..b8b5e85c9e
--- /dev/null
+++ b/wormchain/x/wormhole/keeper/ibc_composability_mw_test.go
@@ -0,0 +1,29 @@
+package keeper_test
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	keepertest "github.com/wormhole-foundation/wormchain/testutil/keeper"
+	"github.com/wormhole-foundation/wormchain/x/wormhole/types"
+)
+
+// TestIbcComposabilityMwContractStore tests the setting and getting of the contract
+func TestIbcComposabilityMwContractStore(t *testing.T) {
+	k, ctx := keepertest.WormholeKeeper(t)
+
+	// Get contract, should be nil
+	res := k.GetIbcComposabilityMwContract(ctx)
+	require.Equal(t, "", res.ContractAddress)
+
+	// Set the contract
+	contract := types.IbcComposabilityMwContract{
+		ContractAddress: "contractAddress",
+	}
+	k.StoreIbcComposabilityMwContract(ctx, contract)
+
+	// Get contract from store
+	res = k.GetIbcComposabilityMwContract(ctx)
+	require.NotNil(t, res)
+	require.Equal(t, contract.ContractAddress, res.ContractAddress)
+}
diff --git a/wormchain/x/wormhole/keeper/msg_server_wasm_instantiate_allowlist_test.go b/wormchain/x/wormhole/keeper/msg_server_wasm_instantiate_allowlist_test.go
new file mode 100644
index 0000000000..3e4464d4c9
--- /dev/null
+++ b/wormchain/x/wormhole/keeper/msg_server_wasm_instantiate_allowlist_test.go
@@ -0,0 +1,226 @@
+package keeper_test
+
+import (
+	"crypto/ecdsa"
+	"testing"
+
+	sdk "github.com/cosmos/cosmos-sdk/types"
+	"github.com/stretchr/testify/require"
+	keepertest "github.com/wormhole-foundation/wormchain/testutil/keeper"
+	"github.com/wormhole-foundation/wormchain/x/wormhole/keeper"
+	"github.com/wormhole-foundation/wormchain/x/wormhole/types"
+	"github.com/wormhole-foundation/wormhole/sdk/vaa"
+)
+
+// setupAllowlistMsgServer creates a keeper, context, msg server, private keys, signer, and guardian set for
+// testing the wasm allowlist msg server
+func setupAllowlistMsgServer(t *testing.T) (keeper.Keeper, sdk.Context, types.MsgServer, []*ecdsa.PrivateKey, sdk.AccAddress, *types.GuardianSet) {
+	k, ctx := keepertest.WormholeKeeper(t)
+	msgServer := keeper.NewMsgServerImpl(*k)
+
+	guardians, privateKeys := createNGuardianValidator(k, ctx, 10)
+	k.SetConfig(ctx, types.Config{
+		GovernanceEmitter:     vaa.GovernanceEmitter[:],
+		GovernanceChain:       uint32(vaa.GovernanceChain),
+		ChainId:               uint32(vaa.ChainIDWormchain),
+		GuardianSetExpiration: 86400,
+	})
+	signer_bz := [20]byte{}
+	signer := sdk.AccAddress(signer_bz[:])
+
+	guardianSet := createNewGuardianSet(k, ctx, guardians)
+	k.SetConsensusGuardianSetIndex(ctx, types.ConsensusGuardianSetIndex{Index: guardianSet.Index})
+
+	return *k, ctx, msgServer, privateKeys, signer, guardianSet
+}
+
+// TestWasmAllowlistMsgServer tests the endpoints of the wasm allowlist msg server (happy path)
+func TestWasmAllowlistMsgServer(t *testing.T) {
+	k, ctx, msgServer, privateKeys, signer, guardianSet := setupAllowlistMsgServer(t)
+
+	bech32ContractAddr := "wormhole1466nf3zuxpya8q9emxukd7vftaf6h4psr0a07srl5zw74zh84yjq4lyjmh"
+
+	codeId := uint64(1)
+	contractAddr, err := sdk.AccAddressFromBech32(bech32ContractAddr)
+	require.NoError(t, err)
+
+	// copy bytes to 32 byte array
+	contractAddrBytes := [32]byte{}
+	copy(contractAddrBytes[:], contractAddr.Bytes())
+
+	// Create payload for the wasm instantiate allow list
+	payload, err := vaa.BodyWormchainWasmAllowlistInstantiate{
+		CodeId:       codeId,
+		ContractAddr: contractAddrBytes,
+	}.Serialize(vaa.ActionAddWasmInstantiateAllowlist)
+	require.NoError(t, err)
+	v := generateVaa(guardianSet.Index, privateKeys, vaa.ChainID(vaa.GovernanceChain), payload)
+	vBz, err := v.Marshal()
+	require.NoError(t, err)
+
+	// Send msg to add wasm instantiate allow list
+	_, err = msgServer.AddWasmInstantiateAllowlist(ctx, &types.MsgAddWasmInstantiateAllowlist{
+		Signer:  signer.String(),
+		Address: bech32ContractAddr,
+		CodeId:  codeId,
+		Vaa:     vBz,
+	})
+	require.NoError(t, err)
+
+	// Query the allowlist
+	res := k.GetAllWasmInstiateAllowedAddresses(ctx)
+	require.Len(t, res, 1)
+	require.Equal(t, bech32ContractAddr, res[0].ContractAddress)
+	require.Equal(t, codeId, res[0].CodeId)
+
+	// Re-generate vaa for delete wasm instantiate allow list
+	payload, err = vaa.BodyWormchainWasmAllowlistInstantiate{
+		CodeId:       codeId,
+		ContractAddr: contractAddrBytes,
+	}.Serialize(vaa.ActionDeleteWasmInstantiateAllowlist)
+	require.NoError(t, err)
+	v = generateVaa(guardianSet.Index, privateKeys, vaa.ChainID(vaa.GovernanceChain), payload)
+	vBz, err = v.Marshal()
+	require.NoError(t, err)
+
+	// Send msg to delete wasm instantiate allow list
+	_, err = msgServer.DeleteWasmInstantiateAllowlist(ctx, &types.MsgDeleteWasmInstantiateAllowlist{
+		Signer:  signer.String(),
+		Address: bech32ContractAddr,
+		CodeId:  codeId,
+		Vaa:     vBz,
+	})
+	require.NoError(t, err)
+
+	// Query the allowlist
+	res = k.GetAllWasmInstiateAllowedAddresses(ctx)
+	require.Len(t, res, 0)
+}
+
+// TestWasmAllowlistMsgServerMismatchedCodeId tests the endpoints of the wasm allowlist msg server
+// with mismatched code id
+func TestWasmAllowlistMsgServerMismatchedCodeId(t *testing.T) {
+	_, ctx, msgServer, privateKeys, signer, guardianSet := setupAllowlistMsgServer(t)
+
+	bech32ContractAddr := "wormhole1466nf3zuxpya8q9emxukd7vftaf6h4psr0a07srl5zw74zh84yjq4lyjmh"
+	codeId := uint64(1)
+
+	contractAddr, err := sdk.AccAddressFromBech32(bech32ContractAddr)
+	require.NoError(t, err)
+
+	// copy bytes to 32 byte array
+	contractAddrBytes := [32]byte{}
+	copy(contractAddrBytes[:], contractAddr.Bytes())
+
+	// Create payload with mismatched code id
+	payload, err := vaa.BodyWormchainWasmAllowlistInstantiate{
+		CodeId:       uint64(2),
+		ContractAddr: contractAddrBytes,
+	}.Serialize(vaa.ActionAddWasmInstantiateAllowlist)
+	require.NoError(t, err)
+	v := generateVaa(guardianSet.Index, privateKeys, vaa.ChainID(vaa.GovernanceChain), payload)
+	vBz, err := v.Marshal()
+	require.NoError(t, err)
+
+	// Send msg to add wasm instantiate allow list
+	_, err = msgServer.AddWasmInstantiateAllowlist(ctx, &types.MsgAddWasmInstantiateAllowlist{
+		Signer:  signer.String(),
+		Address: bech32ContractAddr,
+		CodeId:  codeId,
+		Vaa:     vBz,
+	})
+	require.Error(t, err)
+}
+
+// TestWasmAllowlistMsgServerMismatchedContractAddr tests the endpoints of the wasm allowlist msg server
+// with mismatched contract addresses
+func TestWasmAllowlistMsgServerMismatchedContractAddr(t *testing.T) {
+	_, ctx, msgServer, privateKeys, signer, guardianSet := setupAllowlistMsgServer(t)
+
+	bech32ContractAddr := "wormhole1466nf3zuxpya8q9emxukd7vftaf6h4psr0a07srl5zw74zh84yjq4lyjmh"
+	codeId := uint64(1)
+
+	contractAddr2, err := sdk.AccAddressFromBech32("wormhole1qg5ega6dykkxc307y25pecuufrjkxkaggkkxh7nad0vhyhtuhw3svg697z")
+	require.NoError(t, err)
+
+	// Create payload with mismatched contract address
+	payload, err := vaa.BodyWormchainWasmAllowlistInstantiate{
+		CodeId:       codeId,
+		ContractAddr: [32]byte(contractAddr2),
+	}.Serialize(vaa.ActionAddWasmInstantiateAllowlist)
+	require.NoError(t, err)
+	v := generateVaa(guardianSet.Index, privateKeys, vaa.ChainID(vaa.GovernanceChain), payload)
+	vBz, err := v.Marshal()
+	require.NoError(t, err)
+
+	// Send msg to add wasm instantiate allow list
+	_, err = msgServer.AddWasmInstantiateAllowlist(ctx, &types.MsgAddWasmInstantiateAllowlist{
+		Signer:  signer.String(),
+		Address: bech32ContractAddr,
+		CodeId:  codeId,
+		Vaa:     vBz,
+	})
+	require.Error(t, err)
+}
+
+// TestWasmAllowlistMsgServerMismatchedVaaAction tests the endpoints of the wasm allowlist msg server
+// with mismatched vaa action
+func TestWasmAllowlistMsgServerMismatchedVaaAction(t *testing.T) {
+	_, ctx, msgServer, privateKeys, signer, guardianSet := setupAllowlistMsgServer(t)
+
+	bech32ContractAddr := "wormhole1466nf3zuxpya8q9emxukd7vftaf6h4psr0a07srl5zw74zh84yjq4lyjmh"
+	codeId := uint64(1)
+
+	contractAddr, err := sdk.AccAddressFromBech32(bech32ContractAddr)
+	require.NoError(t, err)
+
+	// Create payload with mismatched contract address
+	payload, err := vaa.BodyWormchainWasmAllowlistInstantiate{
+		CodeId:       codeId,
+		ContractAddr: [32]byte(contractAddr),
+	}.Serialize(vaa.ActionAddWasmInstantiateAllowlist)
+	require.NoError(t, err)
+	v := generateVaa(guardianSet.Index, privateKeys, vaa.ChainID(vaa.GovernanceChain), payload)
+	vBz, err := v.Marshal()
+	require.NoError(t, err)
+
+	// Send mismatched action
+	_, err = msgServer.DeleteWasmInstantiateAllowlist(ctx, &types.MsgDeleteWasmInstantiateAllowlist{
+		Signer:  signer.String(),
+		Address: bech32ContractAddr,
+		CodeId:  codeId,
+		Vaa:     vBz,
+	})
+	require.Error(t, err)
+}
+
+// TestWasmAllowlistMsgServerInvalidVAA tests the endpoints of the wasm allowlist msg server
+// with invalid vaa
+func TestWasmAllowlistMsgServerInvalidVAA(t *testing.T) {
+	_, ctx, msgServer, _, signer, guardianSet := setupAllowlistMsgServer(t)
+
+	bech32ContractAddr := "wormhole1466nf3zuxpya8q9emxukd7vftaf6h4psr0a07srl5zw74zh84yjq4lyjmh"
+	codeId := uint64(1)
+
+	contractAddr, err := sdk.AccAddressFromBech32(bech32ContractAddr)
+	require.NoError(t, err)
+
+	// Create payload with mismatched contract address
+	payload, err := vaa.BodyWormchainWasmAllowlistInstantiate{
+		CodeId:       codeId,
+		ContractAddr: [32]byte(contractAddr),
+	}.Serialize(vaa.ActionAddWasmInstantiateAllowlist)
+	require.NoError(t, err)
+	v := generateVaa(guardianSet.Index, nil, vaa.ChainID(vaa.GovernanceChain), payload)
+	vBz, err := v.Marshal()
+	require.NoError(t, err)
+
+	// Send mismatched action
+	_, err = msgServer.DeleteWasmInstantiateAllowlist(ctx, &types.MsgDeleteWasmInstantiateAllowlist{
+		Signer:  signer.String(),
+		Address: bech32ContractAddr,
+		CodeId:  codeId,
+		Vaa:     vBz,
+	})
+	require.Error(t, err)
+}