imp: represent unlimited approvals with MaxUint256 value

CHANGELOG.md

@@ -43,8 +43,8 @@ Ref: https://keepachangelog.com/en/1.0.0/
 ### State Machine Breaking
 
 ### Improvements
-
 * (tests) [\#3138](https://github.com/cosmos/ibc-go/pull/3138) Support benchmarks and fuzz tests through `testing.TB`.
+* (ics20) [\#3454](https://github.com/cosmos/ibc-go/pull/3454) Represent authz unlimited spending limit as `math.MaxInt64` value.
 
 ### Features
 

modules/apps/transfer/types/transfer_authorization.go

@@ -1,10 +1,11 @@
 package types
 
 import (
+	"math"
+
 	errorsmod "cosmossdk.io/errors"
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	"github.com/cosmos/cosmos-sdk/x/authz"
-
 	ibcerrors "github.com/cosmos/ibc-go/v7/internal/errors"
 	channeltypes "github.com/cosmos/ibc-go/v7/modules/core/04-channel/types"
 	host "github.com/cosmos/ibc-go/v7/modules/core/24-host"
@@ -31,28 +32,37 @@ func (a TransferAuthorization) Accept(ctx sdk.Context, msg sdk.Msg) (authz.Accep
 		return authz.AcceptResponse{}, errorsmod.Wrap(ibcerrors.ErrInvalidType, "type mismatch")
 	}
 
-	for index, allocation := range a.Allocations {
-		if !(allocation.SourceChannel == msgTransfer.SourceChannel && allocation.SourcePort == msgTransfer.SourcePort) {
-			continue
-		}
+	var (
+		limitLeft  = sdk.NewCoins(sdk.NewCoin(sdk.DefaultBondDenom, sdk.NewInt(math.MaxInt64)))
+		isNegative bool
+	)
 
-		limitLeft, isNegative := allocation.SpendLimit.SafeSub(msgTransfer.Token)
-		if isNegative {
-			return authz.AcceptResponse{}, errorsmod.Wrapf(ibcerrors.ErrInsufficientFunds, "requested amount is more than spend limit")
-		}
-
-		if !isAllowedAddress(ctx, msgTransfer.Receiver, allocation.AllowList) {
-			return authz.AcceptResponse{}, errorsmod.Wrap(ibcerrors.ErrInvalidAddress, "not allowed address for transfer")
-		}
-
-		if limitLeft.IsZero() {
-			a.Allocations = append(a.Allocations[:index], a.Allocations[index+1:]...)
-			if len(a.Allocations) == 0 {
-				return authz.AcceptResponse{Accept: true, Delete: true}, nil
+	for index, allocation := range a.Allocations {
+		if allocation.SourceChannel == msgTransfer.SourceChannel && allocation.SourcePort == msgTransfer.SourcePort {
+			for _, coin := range allocation.SpendLimit {
+				if coin.Amount.Int64() == math.MaxInt64 {
+					continue
+				}
+
+				limitLeft, isNegative = allocation.SpendLimit.SafeSub(msgTransfer.Token)
+				if isNegative {
+					return authz.AcceptResponse{}, errorsmod.Wrapf(ibcerrors.ErrInsufficientFunds, "requested amount is more than spend limit")
+				}
+
+				if !isAllowedAddress(ctx, msgTransfer.Receiver, allocation.AllowList) {
+					return authz.AcceptResponse{}, errorsmod.Wrap(ibcerrors.ErrInvalidAddress, "not allowed address for transfer")
+				}
+
+				if limitLeft.IsZero() {
+					a.Allocations = append(a.Allocations[:index], a.Allocations[index+1:]...)
+					if len(a.Allocations) == 0 {
+						return authz.AcceptResponse{Accept: true, Delete: true}, nil
+					}
+					return authz.AcceptResponse{Accept: true, Delete: false, Updated: &TransferAuthorization{
+						Allocations: a.Allocations,
+					}}, nil
+				}
 			}
-			return authz.AcceptResponse{Accept: true, Delete: false, Updated: &TransferAuthorization{
-				Allocations: a.Allocations,
-			}}, nil
 		}
 		a.Allocations[index] = Allocation{
 			SourcePort:    allocation.SourcePort,

modules/apps/transfer/types/transfer_authorization_test.go

@@ -1,9 +1,10 @@
 package types_test
 
 import (
+	"math"
+
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	"github.com/cosmos/cosmos-sdk/x/authz"
-
 	"github.com/cosmos/ibc-go/v7/modules/apps/transfer/types"
 	ibctesting "github.com/cosmos/ibc-go/v7/testing"
 	"github.com/cosmos/ibc-go/v7/testing/mock"
@@ -49,6 +50,25 @@ func (suite *TypesTestSuite) TestTransferAuthorizationAccept() {
 				suite.Require().True(isEqual)
 			},
 		},
+		{
+			"success: with unlimited spending limit MaxInt64",
+			func() {
+				transferAuthz.Allocations[0].SpendLimit = sdk.NewCoins(sdk.NewCoin(sdk.DefaultBondDenom, sdk.NewInt(math.MaxInt64)))
+				msgTransfer.Token = sdk.NewCoin(sdk.DefaultBondDenom, sdk.NewInt(math.MaxInt64))
+			},
+			func(res authz.AcceptResponse, err error) {
+				suite.Require().NoError(err)
+
+				suite.Require().True(res.Accept)
+				suite.Require().False(res.Delete)
+
+				updatedAuthz, ok := res.Updated.(*types.TransferAuthorization)
+				suite.Require().True(ok)
+
+				isEqual := updatedAuthz.Allocations[0].SpendLimit.IsEqual(sdk.NewCoins(sdk.NewCoin(sdk.DefaultBondDenom, sdk.NewInt(math.MaxInt64))))
+				suite.Require().True(isEqual)
+			},
+		},
 		{
 			"success: with empty allow list",
 			func() {
@@ -190,6 +210,13 @@ func (suite *TypesTestSuite) TestTransferAuthorizationValidateBasic() {
 			},
 			true,
 		},
+		{
+			"success: with max Int allocation spend limit",
+			func() {
+				transferAuthz.Allocations[0].SpendLimit = sdk.NewCoins(sdk.NewCoin(sdk.DefaultBondDenom, sdk.NewInt(math.MaxInt64)))
+			},
+			true,
+		},
 		{
 			"empty allocations",
 			func() {