Skip to content

Commit

Permalink
chore: improve permission validation
Browse files Browse the repository at this point in the history
  • Loading branch information
@dadamu
dadamu committed Jun 9, 2023
1 parent 1744dac commit a4a020d
Show file tree
Hide file tree
Showing 4 changed files with 217 additions and 403 deletions.
55 changes: 3 additions & 52 deletions x/tokenfactory/keeper/msg_server.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ import (
sdk "github.com/cosmos/cosmos-sdk/types"
sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
govtypes "github.com/cosmos/cosmos-sdk/x/gov/types"
tokenfactorytypes "github.com/osmosis-labs/osmosis/v15/x/tokenfactory/types"

subspacestypes "github.com/desmos-labs/desmos/v5/x/subspaces/types"
"github.com/desmos-labs/desmos/v5/x/tokenfactory/types"
Expand Down Expand Up @@ -73,27 +72,11 @@ func (k msgServer) Mint(goCtx context.Context, msg *types.MsgMint) (*types.MsgMi
return nil, errors.Wrapf(sdkerrors.ErrInvalidRequest, "subspace with id %d not found", msg.SubspaceID)
}

// Check the permission to manage the subspace tokens
if !k.sk.HasPermission(ctx, msg.SubspaceID, subspacestypes.RootSectionID, msg.Sender, types.PermissionManageSubspaceTokens) {
return nil, errors.Wrap(subspacestypes.ErrPermissionDenied, "you cannot manage the subspace tokens inside this subspace")
}

// Check if the denom exists
_, denomExists := k.bk.GetDenomMetaData(ctx, msg.Amount.Denom)
if !denomExists {
return nil, tokenfactorytypes.ErrDenomDoesNotExist.Wrapf("denom: %s", msg.Amount.Denom)
}

authorityMetadata, err := k.tfk.GetAuthorityMetadata(ctx, msg.Amount.GetDenom())
err := k.ValidateManageTokenPermission(ctx, subspace, msg.Sender, msg.Amount.Denom)
if err != nil {
return nil, err
}

// Check if the subspace treasury is the admin of the denom
if subspace.Treasury != authorityMetadata.GetAdmin() {
return nil, tokenfactorytypes.ErrUnauthorized
}

err = k.tfk.MintTo(ctx, msg.Amount, msg.MintToAddress)
if err != nil {
return nil, err
Expand Down Expand Up @@ -127,27 +110,11 @@ func (k msgServer) Burn(goCtx context.Context, msg *types.MsgBurn) (*types.MsgBu
return nil, errors.Wrapf(sdkerrors.ErrInvalidRequest, "subspace with id %d not found", msg.SubspaceID)
}

// Check the permission to manage the subspace tokens
if !k.sk.HasPermission(ctx, msg.SubspaceID, subspacestypes.RootSectionID, msg.Sender, types.PermissionManageSubspaceTokens) {
return nil, errors.Wrap(subspacestypes.ErrPermissionDenied, "you cannot manage the subspace tokens inside this subspace")
}

// Check if the denom exists
_, denomExists := k.bk.GetDenomMetaData(ctx, msg.Amount.Denom)
if !denomExists {
return nil, tokenfactorytypes.ErrDenomDoesNotExist.Wrapf("denom: %s", msg.Amount.Denom)
}

authorityMetadata, err := k.tfk.GetAuthorityMetadata(ctx, msg.Amount.GetDenom())
err := k.ValidateManageTokenPermission(ctx, subspace, msg.Sender, msg.Amount.Denom)
if err != nil {
return nil, err
}

// Check if the subspace treasury is the admin of the denom
if subspace.Treasury != authorityMetadata.GetAdmin() {
return nil, tokenfactorytypes.ErrUnauthorized
}

err = k.tfk.BurnFrom(ctx, msg.Amount, subspace.Treasury)
if err != nil {
return nil, err
Expand Down Expand Up @@ -181,27 +148,11 @@ func (k msgServer) SetDenomMetadata(goCtx context.Context, msg *types.MsgSetDeno
return nil, errors.Wrapf(sdkerrors.ErrInvalidRequest, "subspace with id %d not found", msg.SubspaceID)
}

// Check the permission to manage the subspace tokens
if !k.sk.HasPermission(ctx, msg.SubspaceID, subspacestypes.RootSectionID, msg.Sender, types.PermissionManageSubspaceTokens) {
return nil, errors.Wrap(subspacestypes.ErrPermissionDenied, "you cannot manage the subspace tokens inside this subspace")
}

// Check if the denom exists
_, denomExists := k.bk.GetDenomMetaData(ctx, msg.Metadata.Base)
if !denomExists {
return nil, tokenfactorytypes.ErrDenomDoesNotExist.Wrapf("denom: %s", msg.Metadata.Base)
}

authorityMetadata, err := k.tfk.GetAuthorityMetadata(ctx, msg.Metadata.Base)
err := k.ValidateManageTokenPermission(ctx, subspace, msg.Sender, msg.Metadata.Base)
if err != nil {
return nil, err
}

// Check if the subspace treasury is the admin of the denom
if subspace.Treasury != authorityMetadata.GetAdmin() {
return nil, tokenfactorytypes.ErrUnauthorized
}

k.bk.SetDenomMetaData(ctx, msg.Metadata)

ctx.EventManager().EmitEvents(sdk.Events{
Expand Down
Loading

0 comments on commit a4a020d

Please sign in to comment.