* feat: Allow to restrict MintCoins from app.go (#10771)
## Description
Closes: https://github.com/cosmos/cosmos-sdk/issues/10386
This PR adds feature to the bank module so that other modules using bankKeeper would be able to call the keeper with restricted permissions when minting coins. `WithMintCoinsRestriction` would be able to get called within app.go when setting keeper components for each individual keeper, taking a function that would validate minting denom as an argument.
The example below demonstrates adding bank module with restricted permissions.
```
app.DistrKeeper = distrkeeper.NewKeeper(
appCodec, keys[distrtypes.StoreKey], app.GetSubspace(distrtypes.ModuleName), app.AccountKeeper, app.BankKeeper.WithMintCoinsRestriction(DistributionMintingRestriction),
&stakingKeeper, authtypes.FeeCollectorName, app.ModuleAccountAddrs(),
)
```
while there would be a seperate function that would restrict and validate allowed denoms as such.
```
func DistributionMintingRestriction(ctx sdk.Context, coins sdk.Coins) errors {
for _, coin := range coins {
if coin.Denom != ctx.NativeStakingDenom {
return errors.New(fmt.Sprintf("Distribution can only print denom %s, tried minting %s", ctx.NativeStakingDenom, coin.Denom))
}
}
}
```
The sdk's simapp currently does not have any keepers that are to be changed with this implementation added, thus remaining unchanged in `app.go`.
---
### Author Checklist
*All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.*
I have...
- [ ] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] added `!` to the type prefix if API or client breaking change
- [ ] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#pr-targeting))
- [ ] provided a link to the relevant issue or specification
- [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules)
- [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#testing)
- [ ] added a changelog entry to `CHANGELOG.md`
- [ ] included comments for [documenting Go code](https://blog.golang.org/godoc)
- [ ] updated the relevant documentation or specification
- [ ] reviewed "Files changed" and left comments if necessary
- [ ] confirmed all CI checks have passed
### Reviewers Checklist
*All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.*
I have...
- [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] confirmed `!` in the type prefix if API or client breaking change
- [ ] confirmed all author checklist items have been addressed
- [ ] reviewed state machine logic
- [ ] reviewed API design and naming
- [ ] reviewed documentation is accurate
- [ ] reviewed tests and test coverage
- [ ] manually tested (if applicable)
(cherry picked from commit ea67659950
)
# Conflicts:
# CHANGELOG.md
# x/bank/keeper/keeper.go
* fix conflicts
* fix tests
* changelog entry
* Update x/bank/spec/02_keepers.md
* Update CHANGELOG.md
Co-authored-by: Matt, Park <45252226+mattverse@users.noreply.github.com>
Co-authored-by: marbar3778 <marbar3778@yahoo.com>
Co-authored-by: Amaury <1293565+amaurym@users.noreply.github.com>
This commit is contained in:
parent
4368a18d42
commit
d862c66a0d
|
@ -39,6 +39,11 @@ Ref: https://keepachangelog.com/en/1.0.0/
|
|||
|
||||
### Features
|
||||
|
||||
* (x/bank) [\#10771](https://github.com/cosmos/cosmos-sdk/pull/10771) Add safety check on bank module perms to allow module-specific mint restrictions (e.g. only minting a certain denom).
|
||||
* (x/bank) [\#10771](https://github.com/cosmos/cosmos-sdk/pull/10771) Add `bank.BankKeeper.WithMintCoinsRestriction` function to restrict use of bank `MintCoins` usage. This function is not on the bank `Keeper` interface, so it's not API-breaking, but only additive on the keeper implementation.
|
||||
|
||||
### Features
|
||||
|
||||
* [\#11124](https://github.com/cosmos/cosmos-sdk/pull/11124) Add `GetAllVersions` to application store
|
||||
|
||||
### Bug Fixes
|
||||
|
|
|
@ -54,8 +54,11 @@ type BaseKeeper struct {
|
|||
cdc codec.BinaryCodec
|
||||
storeKey sdk.StoreKey
|
||||
paramSpace paramtypes.Subspace
|
||||
mintCoinsRestrictionFn MintingRestrictionFn
|
||||
}
|
||||
|
||||
type MintingRestrictionFn func(ctx sdk.Context, coins sdk.Coins) error
|
||||
|
||||
// GetPaginatedTotalSupply queries for the supply, ignoring 0 coins, with a given pagination
|
||||
func (k BaseKeeper) GetPaginatedTotalSupply(ctx sdk.Context, pagination *query.PageRequest) (sdk.Coins, *query.PageResponse, error) {
|
||||
store := ctx.KVStore(k.storeKey)
|
||||
|
@ -107,9 +110,30 @@ func NewBaseKeeper(
|
|||
cdc: cdc,
|
||||
storeKey: storeKey,
|
||||
paramSpace: paramSpace,
|
||||
mintCoinsRestrictionFn: func(ctx sdk.Context, coins sdk.Coins) error { return nil },
|
||||
}
|
||||
}
|
||||
|
||||
// WithMintCoinsRestriction restricts the bank Keeper used within a specific module to
|
||||
// have restricted permissions on minting via function passed in parameter.
|
||||
// Previous restriction functions can be nested as such:
|
||||
// bankKeeper.WithMintCoinsRestriction(restriction1).WithMintCoinsRestriction(restriction2)
|
||||
func (k BaseKeeper) WithMintCoinsRestriction(check MintingRestrictionFn) BaseKeeper {
|
||||
oldRestrictionFn := k.mintCoinsRestrictionFn
|
||||
k.mintCoinsRestrictionFn = func(ctx sdk.Context, coins sdk.Coins) error {
|
||||
err := check(ctx, coins)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = oldRestrictionFn(ctx, coins)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
return k
|
||||
}
|
||||
|
||||
// DelegateCoins performs delegation by deducting amt coins from an account with
|
||||
// address addr. For vesting accounts, delegations amounts are tracked for both
|
||||
// vesting and vested coins. The coins are then transferred from the delegator
|
||||
|
@ -372,6 +396,11 @@ func (k BaseKeeper) UndelegateCoinsFromModuleToAccount(
|
|||
// MintCoins creates new coins from thin air and adds it to the module account.
|
||||
// It will panic if the module account does not exist or is unauthorized.
|
||||
func (k BaseKeeper) MintCoins(ctx sdk.Context, moduleName string, amounts sdk.Coins) error {
|
||||
err := k.mintCoinsRestrictionFn(ctx, amounts)
|
||||
if err != nil {
|
||||
ctx.Logger().Error(fmt.Sprintf("Module %q attempted to mint coins %s it doesn't have permission for, error %v", moduleName, amounts, err))
|
||||
return err
|
||||
}
|
||||
acc := k.ak.GetModuleAccount(ctx, moduleName)
|
||||
if acc == nil {
|
||||
panic(sdkerrors.Wrapf(sdkerrors.ErrUnknownAddress, "module account %s does not exist", moduleName))
|
||||
|
@ -381,7 +410,7 @@ func (k BaseKeeper) MintCoins(ctx sdk.Context, moduleName string, amounts sdk.Co
|
|||
panic(sdkerrors.Wrapf(sdkerrors.ErrUnauthorized, "module account %s does not have permissions to mint tokens", moduleName))
|
||||
}
|
||||
|
||||
err := k.addCoins(ctx, acc.GetAddress(), amounts)
|
||||
err = k.addCoins(ctx, acc.GetAddress(), amounts)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package keeper_test
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
|
@ -1161,6 +1162,76 @@ func (suite *IntegrationTestSuite) getTestMetadata() []types.Metadata {
|
|||
}
|
||||
}
|
||||
|
||||
func (suite *IntegrationTestSuite) TestMintCoinRestrictions() {
|
||||
type BankMintingRestrictionFn func(ctx sdk.Context, coins sdk.Coins) error
|
||||
|
||||
maccPerms := simapp.GetMaccPerms()
|
||||
maccPerms[multiPerm] = []string{authtypes.Burner, authtypes.Minter, authtypes.Staking}
|
||||
|
||||
suite.app.AccountKeeper = authkeeper.NewAccountKeeper(
|
||||
suite.app.AppCodec(), suite.app.GetKey(authtypes.StoreKey), suite.app.GetSubspace(authtypes.ModuleName),
|
||||
authtypes.ProtoBaseAccount, maccPerms,
|
||||
)
|
||||
suite.app.AccountKeeper.SetModuleAccount(suite.ctx, multiPermAcc)
|
||||
|
||||
type testCase struct {
|
||||
coinsToTry sdk.Coin
|
||||
expectPass bool
|
||||
}
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
restrictionFn BankMintingRestrictionFn
|
||||
testCases []testCase
|
||||
}{
|
||||
{
|
||||
"restriction",
|
||||
func(ctx sdk.Context, coins sdk.Coins) error {
|
||||
for _, coin := range coins {
|
||||
if coin.Denom != fooDenom {
|
||||
return fmt.Errorf("Module %s only has perms for minting %s coins, tried minting %s coins", types.ModuleName, fooDenom, coin.Denom)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
},
|
||||
[]testCase{
|
||||
{
|
||||
coinsToTry: newFooCoin(100),
|
||||
expectPass: true,
|
||||
},
|
||||
{
|
||||
coinsToTry: newBarCoin(100),
|
||||
expectPass: false,
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range tests {
|
||||
suite.app.BankKeeper = keeper.NewBaseKeeper(suite.app.AppCodec(), suite.app.GetKey(types.StoreKey),
|
||||
suite.app.AccountKeeper, suite.app.GetSubspace(types.ModuleName), nil).WithMintCoinsRestriction(keeper.MintingRestrictionFn(test.restrictionFn))
|
||||
for _, testCase := range test.testCases {
|
||||
if testCase.expectPass {
|
||||
suite.Require().NoError(
|
||||
suite.app.BankKeeper.MintCoins(
|
||||
suite.ctx,
|
||||
multiPermAcc.Name,
|
||||
sdk.NewCoins(testCase.coinsToTry),
|
||||
),
|
||||
)
|
||||
} else {
|
||||
suite.Require().Error(
|
||||
suite.app.BankKeeper.MintCoins(
|
||||
suite.ctx,
|
||||
multiPermAcc.Name,
|
||||
sdk.NewCoins(testCase.coinsToTry),
|
||||
),
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestKeeperTestSuite(t *testing.T) {
|
||||
suite.Run(t, new(IntegrationTestSuite))
|
||||
}
|
||||
|
|
|
@ -54,6 +54,8 @@ message Output {
|
|||
|
||||
The base keeper provides full-permission access: the ability to arbitrary modify any account's balance and mint or burn coins.
|
||||
|
||||
Restricted permission to mint per module could be achieved by using baseKeeper with `WithMintCoinsRestriction` to give specific restrictions to mint (e.g. only minting certain denom).
|
||||
|
||||
```go
|
||||
// Keeper defines a module interface that facilitates the transfer of coins
|
||||
// between accounts.
|
||||
|
|
Loading…
Reference in New Issue