fix: adding check for blocked addresses before escrowing fees

[seantking]

Description

closes: #1889

---

Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.

• Targeted PR against correct branch (see CONTRIBUTING.md)
• Linked to Github issue with discussion and accepted design OR link to spec that describes this work.
• Code follows the module structure standards.
• Wrote unit and integration tests
• Updated relevant documentation (docs/) or specification (x/<module>/spec/)
• Added relevant godoc comments.
• Added a relevant changelog entry to the Unreleased section in CHANGELOG.md
• Re-reviewed Files changed in the Github PR explorer
• Review Codecov Report in the comment section below once CI passes

[seantking]

This is pretty hacky I just left it in for discussion. I'm guessing we don't want to unblock the distribution module?

We have the following test case. We ensure a non-blocked module account can escrow fees.

When I try to use the mock module account I get an AuthKeeper error saying the account doesn't exist. I'm not sure why exactly. I've left the test case as is using the distribution module account for now.

cc: @colin-axner

[damiannolan]

I was looking at the test case "refund account is a module account" and trying to use ibcmock.ModuleName instead of disttypes.ModuleName:

"refund account is module account",
func() {
	msg.Signer = suite.chainA.GetSimApp().AccountKeeper.GetModuleAddress(disttypes.ModuleName).String()
	expPacketFee := types.NewPacketFee(fee, msg.Signer, nil)
	expFeesInEscrow = []types.PacketFee{expPacketFee}
},
true,

The account does not exist error is being returned from here in escrow.go. And interestingly if we actually use AccountKeeper.GetModuleAccount() we will not encounter that error as it calls directly into GetModuleAccountAndPermissions() which creates and sets the account in x/auth.

This differs from GetModuleAddress which just checks the permAddrs map created on keeper initialisation.

It's definitely pretty ambiguous as to what constitutes a blocked address and what doesn't. Without this logical OR added for distrtypes.ModuleName it is and will be in the blockedAddrs map in x/bank. However, its usage in x/distribution when for example, withdrawing delegation rewards uses SendCoinsFromModuleToAccount which only checks that the recipientAddr is not a blocked address.

When I use the following in the malleate() func, we don't fail on the account not existing but instead fail with an "insufficient funds" error.

moduleAcc := suite.chainA.GetSimApp().AccountKeeper.GetModuleAccount(suite.chainA.GetContext(), ibcmock.ModuleName)
msg.Signer = moduleAcc.GetAddress().String()
expPacketFee := types.NewPacketFee(fee, msg.Signer, nil)
expFeesInEscrow = []types.PacketFee{expPacketFee}

It would be nice to get some more clarity around module accounts in general. We could use the above and also fund the ibcmock.ModuleName module account to get past the error.

[colin-axner]

If the blocked address logic gets removed from the SDK, what test case would we want to have? I'd say probably still wise to just use the mock module account since it may not make sense long term to use distr (as community pool might be removed from it)

Maybe we can add the mock module to the list of genAccs in NewTestChainWithValSet?

Also I think you can use GetModuleAddress().String()

[codecov-commenter]

Codecov Report

Merging #1890 (e3115f5) into main (f891c29) will increase coverage by 0.00%.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##             main    #1890   +/-   ##
=======================================
  Coverage   80.12%   80.13%           
=======================================
  Files         167      167           
  Lines       11750    11770   +20     
=======================================
+ Hits         9415     9432   +17     
- Misses       1921     1923    +2     
- Partials      414      415    +1     

Impacted Files	Coverage Δ
modules/apps/29-fee/keeper/msg_server.go	96.96% <100.00%> (+0.76%)	⬆️
modules/apps/29-fee/keeper/escrow.go	93.16% <0.00%> (-1.87%)	⬇️

[seantking]

Codecov Report

Merging #1890 (8525e4e) into main (af4e651) will decrease coverage by 0.12%.
The diff coverage is 68.80%.

@@            Coverage Diff             @@
##             main    #1890      +/-   ##
==========================================
- Coverage   80.04%   79.92%   -0.13%     
==========================================
  Files         166      166              
  Lines       12421    12446      +25     
==========================================
+ Hits         9943     9947       +4     
- Misses       2013     2030      +17     
- Partials      465      469       +4     

Impacted Files Coverage Δ
cmd/build_test_matrix/main.go 70.83% <0.00%> (-3.46%)
...27-interchain-accounts/controller/keeper/keeper.go 94.73% <ø> (ø)
.../apps/27-interchain-accounts/host/keeper/keeper.go 83.33% <ø> (ø)
modules/apps/27-interchain-accounts/module.go 55.55% <0.00%> (-2.14%)
modules/apps/29-fee/keeper/keeper.go 92.48% <ø> (ø)
modules/apps/29-fee/module.go 54.54% <0.00%> (-1.02%)
modules/apps/transfer/keeper/keeper.go 91.17% <ø> (ø)
modules/apps/transfer/keeper/migrations.go 93.10% <ø> (-0.23%)
modules/apps/transfer/keeper/relay.go 88.11% <0.00%> (ø)
modules/apps/transfer/module.go 57.14% <0.00%> (-0.93%)
... and 46 more

Not too sure what's going on with the code cov here. I don't have access to the website either.

[crodriguezvega]

Looks good to me. Thanks @seantking for fixing the issue so quickly! ⚡

[damiannolan]

Should we move the check to below k.IsLocked(ctx) for consistency with PayPacketFee rpc?

[colin-axner]

Agreed

[colin-axner]

ACK. Nice work. Would prefer to resolve the testing/simapp/app.go discussion before merging, but I'm ok doing it in a followup

[crodriguezvega]

Maybe instead of adding a new error, do something like?

if k.bankKeeper.BlockedAddr(refundAcc) {
 	return sdkerrors.Wrapf(sdkerrors.ErrUnauthorized, "%s is not allowed to escrow fees", refundAcc)
 }

[seantking]

🤝 done

[crodriguezvega]

@seantking @colin-axner I am wondering if we should also add a check to ensure that the payee address is not blocked in the rpc handler for the MsgRegisterPayee message. This is executed on the source chain with a source chain address, so we could potentially already make sure that the payee is not blocked and prevent failures on distribution. What do you think?

[colin-axner]

I am wondering if we should also add a check to ensure that the payee address is not blocked in the rpc handler for the MsgRegisterPayee message.

Yes definitely, nice catch!

[seantking]

@seantking @colin-axner I am wondering if we should also add a check to ensure that the payee address is not blocked in the rpc handler for the MsgRegisterPayee message. This is executed on the source chain with a source chain address, so we could potentially already make sure that the payee is not blocked and prevent failures on distribution. What do you think?

Great idea! Added a check and test for this.

[colin-axner]

followup ACK

[crodriguezvega]

🥇