validations

vitwit · May 29, 2024 · b8aad25 · b8aad25
1 parent 7954140
commit b8aad25
Showing 1 changed file with 58 additions and 20 deletions.
diff --git a/x/authz/keeper/msg_server.go b/x/authz/keeper/msg_server.go
@@ -60,7 +60,7 @@ func (k Keeper) Grant(goCtx context.Context, msg *authz.MsgGrant) (*authz.MsgGra
 	var rules []*authz.Rule
 	if msg.Rules != nil {
 		var err error
-		err, rules = k.VerifyAndBuildRules(goCtx, msg.Grant.Authorization.GetTypeUrl(), msg.Rules)
+		rules, err = k.VerifyAndBuildRules(goCtx, msg.Grant.Authorization.GetTypeUrl(), msg.Rules)
 		if err != nil {
 			return nil, err
 		}
@@ -75,31 +75,20 @@ func (k Keeper) Grant(goCtx context.Context, msg *authz.MsgGrant) (*authz.MsgGra
 }
 
 // VerifyTheRules checks the keys of rules provided are allowed
-func (k Keeper) VerifyAndBuildRules(goCtx context.Context, msg string, rulesBytes []byte) (error, []*authz.Rule) {
+func (k Keeper) VerifyAndBuildRules(goCtx context.Context, msg string, rulesBytes []byte) ([]*authz.Rule, error) {
 	var rulesJson authz.AppAuthzRules
 	err := json.Unmarshal(rulesBytes, &rulesJson)
 	if err != nil {
-		return err, nil
+		return nil, err
 	}
 
-	var rules []*authz.Rule
-	switch msg {
-	case sdk.MsgTypeURL(&bankv1beta1.MsgSend{}):
-		rules = []*authz.Rule{
-			{Key: authz.AllowedRecipients, Values: rulesJson.AllowedRecipients},
-			{Key: authz.MaxAmount, Values: rulesJson.MaxAmount},
-		}
-
-	case sdk.MsgTypeURL(&staking.MsgDelegate{}):
-		rules = []*authz.Rule{
-			{Key: authz.AllowedStakeValidators, Values: rulesJson.AllowedStakeValidators},
-			{Key: authz.AllowedMaxStakeAmount, Values: rulesJson.AllowedMaxStakeAmount},
-		}
+	if err := validateRules(rulesJson); err != nil {
+		return nil, err
 	}
 
 	registeredRules, err := k.GetAuthzRulesKeys(goCtx)
 	if err != nil {
-		return err, nil
+		return nil, err
 	}
 
 	var values []string
@@ -110,11 +99,26 @@ func (k Keeper) VerifyAndBuildRules(goCtx context.Context, msg string, rulesByte
 		}
 	}
 
-	if err := checkStructKeys(rules, values); err != nil {
-		return err, nil
+	if err := checkStructKeys(rulesJson, values); err != nil {
+		return nil, err
 	}
 
-	return nil, rules
+	var rules []*authz.Rule
+	switch msg {
+	case sdk.MsgTypeURL(&bankv1beta1.MsgSend{}):
+		rules = []*authz.Rule{
+			{Key: authz.AllowedRecipients, Values: rulesJson.AllowedRecipients},
+			{Key: authz.MaxAmount, Values: rulesJson.MaxAmount},
+		}
+
+	case sdk.MsgTypeURL(&staking.MsgDelegate{}):
+		rules = []*authz.Rule{
+			{Key: authz.AllowedStakeValidators, Values: rulesJson.AllowedStakeValidators},
+			{Key: authz.AllowedMaxStakeAmount, Values: rulesJson.AllowedMaxStakeAmount},
+		}
+	}
+
+	return rules, nil
 }
 
 func checkStructKeys(s interface{}, allowedKeys []string) error {
@@ -145,6 +149,40 @@ func isAllowedKey(key string, allowedKeys []string) bool {
 	return false
 }
 
+func validateRules(rules authz.AppAuthzRules) error {
+	for _, addr := range rules.AllowedRecipients {
+		if _, err := sdk.AccAddressFromBech32(addr); err != nil {
+			return err
+		}
+	}
+
+	coins, err := sdk.ParseCoinsNormalized(strings.Join(rules.MaxAmount, ","))
+	if err != nil {
+		return err
+	}
+
+	if err := coins.Sort().Validate(); err != nil {
+		return err
+	}
+
+	for _, valAddr := range rules.AllowedStakeValidators {
+		if _, err := sdk.ValAddressFromBech32(valAddr); err != nil {
+			return err
+		}
+	}
+
+	maxStake, err := sdk.ParseCoinsNormalized(strings.Join(rules.AllowedMaxStakeAmount, ","))
+	if err != nil {
+		return err
+	}
+
+	if err := maxStake.Sort().Validate(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
 // Revoke implements the MsgServer.Revoke method.
 func (k Keeper) Revoke(goCtx context.Context, msg *authz.MsgRevoke) (*authz.MsgRevokeResponse, error) {
 	if strings.EqualFold(msg.Grantee, msg.Granter) {