feat: upgrade + audit fixes

[beer-1]

Description

This PR includes dependency upgrades and also includes audit fixes.

---

Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

• included the correct type prefix in the PR title, you can find examples of the prefixes below:
• confirmed ! in the type prefix if API or client breaking change
• targeted the correct branch
• provided a link to the relevant issue or specification
• reviewed "Files changed" and left comments if necessary
• included the necessary unit and integration tests
• updated the relevant documentation or specification, including comments for documenting Go code
• confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

• confirmed the correct type prefix in the PR title
• confirmed all author checklist items have been addressed
• reviewed state machine logic, API design and naming, documentation is accurate, tests and test coverage

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request introduces a series of updates across various components. Changes include dependency version updates in the Dockerfile, integration of new Block SDK features in the application, refactoring of keeper initializations, modifications in upgrade logic, and enhanced validation in protocol buffer definitions. Additionally, the PR refactors contract building logic and alters test flows, while updating naming conventions and control flows in middleware and DEX-related code.

Changes

File(s)	Change Summary
Dockerfile	Updated environment variable LIBMOVEVM_VERSION from v0.6.1 to v0.7.0.
app/app.go	Added Block SDK integration: new import statements and routes registration via blockservice.RegisterGRPCGatewayRoutes and blockservice.RegisterMempoolService.
app/keepers/keepers.go	Removed DistrKeeper and the default timeout parameter from the PacketForwardKeeper initializer in NewAppKeeper.
app/upgrade.go	Updated upgradeName from "0.7.0" to "0.7.3", and modified the upgrade handler to run module migrations.
cmd/move/deploy.go	Introduced new function buildContract to encapsulate contract build logic with improved error handling and directory management.
scripts/protoc-swagger-gen.sh	Added new variables (BLOCK_SDK_URL, BLOCK_SDK_V, BLOCK_SDK_VERSION) and logic to clone the block-sdk repository and include its proto files.
x/distribution/keeper/common_test.go, x/distribution/keeper/delegation_test.go	Simplified composite literal initialization and adjusted variable handling when retrieving validators in tests.
x/ibc/nft-transfer/types/packet.go	Enhanced ValidateBasic to trim whitespace for ClassId, separately validate TokenUris and TokenData lengths, and initialize nil slices in DecodePacketData.
x/intertx/keeper/msg_server.go	Replaced dynamic timeout calculation with a fixed relativeTimeoutTimestamp (five minutes in nanoseconds) for transactions.
x/move/keeper/balancer.go, x/move/types/connector.go	Modified SwapToBase to call k.executeEntryFunction with updated parameters; replaced FunctionNameDexSwapScript with FunctionNameDexSudoSwap.
x/move/keeper/balancer_test.go	Updated test flow by transferring coins from fundedAddr to feeCollectorAddr before invoking SwapToBase and adjusted subsequent balance checks.
API and proto files (api/initia/*, proto/initia/*)	Revised raw protobuf descriptor bytes and updated amino.name options across various messages to align naming conventions and structure.
x/ibc-hooks/ibc_middleware.go	Changed OnChanOpenInit to return finalVersion (obtained from downstream processing) instead of the original version.
x/move/keeper/staking.go	Refactored SlashUnbondingDelegations for improved efficiency and error handling.
x/mstaking/client/cli/query.go	Updated address conversion calls to use ac.StringToBytes instead of vc.StringToBytes.
x/mstaking/keeper/query_utils.go	Removed GetDelegatorValidators function, eliminating its associated logic.

Sequence Diagram(s)

sequenceDiagram
    participant App as InitiaApp
    participant GRPC as GRPCGatewayRouter
    participant Block as Block SDK Services

    App->>GRPC: Register API Routes
    GRPC->>Block: blockservice.RegisterGRPCGatewayRoutes
    App->>Block: blockservice.RegisterMempoolService

Loading

sequenceDiagram
    participant CLI as Deploy Command
    participant Build as buildContract Function
    participant API as api.BuildContract
    participant FS as File System

    CLI->>Build: Invoke buildContract(arg)
    Build->>FS: Get current working directory
    Build->>API: Call api.BuildContract(arg)
    API-->>Build: Return result/error
    Build->>FS: Check & reset directory if necessary
    Build-->>CLI: Return final error/status

Loading

Possibly related PRs

• bump: dependencies #186: Updates the LIBMOVEVM_VERSION in the Dockerfile, closely aligning with the version update in this PR.
• bump movevm to v0.4.12 to update stadlibs #270: Involves updates to the LIBMOVEVM_VERSION in the Dockerfile, similar to the changes made in this PR.
• bump movevm to v0.4.4 #257: Similar update to the LIBMOVEVM_VERSION environment variable, albeit for different version numbers.

Poem

In a burrow of bytes and code so neat,
This rabbit hops with joy and beat.
Dependencies updated, routes now clear,
New functions and tests make the change appear.
With hops of glee and wiggling tail,
We celebrate these updates without fail.
🐇💻🌟

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2350ac3 and d5a5f04.

⛔ Files ignored due to path filters (1)

• client/docs/swagger-ui/swagger.yaml is excluded by !**/*.yaml

📒 Files selected for processing (1)

• app/keepers/keepers.go (0 hunks)

💤 Files with no reviewable changes (1)

• app/keepers/keepers.go

⏰ Context from checks skipped due to timeout of 90000ms (4)

• GitHub Check: golangci-lint
• GitHub Check: Run test and upload codecov
• GitHub Check: Initiad
• GitHub Check: Analyze (go)

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 3 package(s) with unknown licenses.

See the Details below.

License Issues

go.mod

Package	Version	License	Issue Type
github.com/initia-labs/OPinit	0.7.1	Null	Unknown License
github.com/initia-labs/movevm	0.7.0	Null	Unknown License
github.com/noble-assets/forwarding/v2	2.0.1	Null	Unknown License

Denied Licenses: GPL-1.0-or-later, LGPL-2.0-or-later

OpenSSF Scorecard

Package	Version	Score	Details
gomod/github.com/cosmos/cosmos-db	1.1.1	🟢 5.7	Details Check Score Reason Maintained ⚠️ 2 2 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 9 Found 11/12 approved changesets -- score normalized to 9 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected SAST 🟢 7 SAST tool detected but not run on all commits
gomod/github.com/cosmos/cosmos-sdk	0.50.12	🟢 6.2	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 9 Found 22/24 approved changesets -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing 🟢 10 project is fuzzed Binary-Artifacts 🟢 8 binaries present in source code Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 8 SAST tool detected but not run on all commits Vulnerabilities ⚠️ 1 9 existing vulnerabilities detected
gomod/github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v8	8.2.0	Unknown	Unknown
gomod/github.com/cosmos/ibc-go/v8	8.6.1	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 21/26 approved changesets -- score normalized to 8 Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(08-wasm/release/v0.6.x+ibc-go-v10.0.x-wasmvm-v2.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities ⚠️ 0 42 existing vulnerabilities detected
gomod/github.com/cosmos/ledger-cosmos-go	0.14.0	🟢 4.3	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 6 Found 10/15 approved changesets -- score normalized to 6 Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 9 1 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/initia-labs/OPinit	0.7.1	Unknown	Unknown
gomod/github.com/initia-labs/movevm	0.7.0	Unknown	Unknown
gomod/github.com/noble-assets/forwarding/v2	2.0.1	Unknown	Unknown
gomod/github.com/spf13/cast	1.7.1	🟢 4.8	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 4 Found 4/9 approved changesets -- score normalized to 4 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• go.mod

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

app/upgrade.go (1)

17-17: Module migrations are now executed as part of the upgrade process.

The upgrade handler now returns the result of app.ModuleManager.RunMigrations() instead of directly returning the version map. This is a significant change that runs module migrations during the upgrade process, ensuring that any necessary state migrations occur automatically.

Consider adding logging or telemetry to track migration execution success/failure for better observability during upgrades.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f5cd97d and 95ccc25.

⛔ Files ignored due to path filters (4)

• client/docs/config.json is excluded by !**/*.json
• client/docs/swagger-ui/swagger.yaml is excluded by !**/*.yaml
• go.mod is excluded by !**/*.mod
• go.sum is excluded by !**/*.sum, !**/*.sum

📒 Files selected for processing (14)

• Dockerfile (1 hunks)
• app/app.go (3 hunks)
• app/keepers/keepers.go (0 hunks)
• app/upgrade.go (1 hunks)
• cmd/move/deploy.go (3 hunks)
• cmd/move/move.go (1 hunks)
• scripts/protoc-swagger-gen.sh (3 hunks)
• x/distribution/keeper/common_test.go (1 hunks)
• x/distribution/keeper/delegation_test.go (1 hunks)
• x/ibc/nft-transfer/types/packet.go (2 hunks)
• x/intertx/keeper/msg_server.go (1 hunks)
• x/move/keeper/balancer.go (1 hunks)
• x/move/keeper/balancer_test.go (2 hunks)
• x/move/types/connector.go (1 hunks)

💤 Files with no reviewable changes (1)

• app/keepers/keepers.go

✅ Files skipped from review due to trivial changes (2)

• x/distribution/keeper/delegation_test.go
• x/distribution/keeper/common_test.go

⏰ Context from checks skipped due to timeout of 90000ms (4)

• GitHub Check: golangci-lint
• GitHub Check: Run test and upload codecov
• GitHub Check: Initiad
• GitHub Check: Analyze (go)

🔇 Additional comments (22)

app/upgrade.go (1)

10-10:

❓ Verification inconclusive

Verify version compatibility with dependencies.

The constant upgradeName has been updated from "0.7.0" to "0.7.3". This version bump should align with the upgraded dependencies throughout the project, such as the LIBMOVEVM_VERSION in the Dockerfile.

---

🏁 Script executed:

#!/bin/bash
# Verify dependency versions match the upgrade version
echo "Checking for version references in project..."
rg -e "0\.7\.3|0\.7\.0" --type go

Length of output: 179

---

Action Required: Confirm Dependency Version Alignment
The constant upgradeName in app/upgrade.go has been correctly updated to "0.7.3". However, the current version-check script only confirms this change in Go files. There’s no verification that other dependencies of the project (for instance, the LIBMOVEVM_VERSION setting in the Dockerfile) have been updated accordingly. Please double-check that any dependency version references—especially in non-Go files like the Dockerfile—are aligned with this bump.

x/move/types/connector.go (1)

59-59:

✅ Verification successful

Function naming change affects DEX swap execution method.

The constant has been renamed from FunctionNameDexSwapScript to FunctionNameDexSudoSwap, suggesting a change from a script-based swap to a sudo (privileged) operation. This aligns with the changes in balancer_test.go that now use the fee collector address.

---

🏁 Script executed:

#!/bin/bash
# Find references to the renamed function to ensure consistent updates
echo "Checking for references to the old and new function names..."
rg -e "FunctionNameDexSwapScript|FunctionNameDexSudoSwap" --type go

Length of output: 324

---

DEX Swap Execution Naming Updated – Verified

The constant is now correctly renamed from FunctionNameDexSwapScript to FunctionNameDexSudoSwap to reflect the move towards a sudo-based execution method. We verified this change with a search that confirms consistent usage in both x/move/types/connector.go and x/move/keeper/balancer.go. No further modifications are required.

Dockerfile (1)

9-9:

✅ Verification successful

Library version upgrade from v0.6.1 to v0.7.0.

The LIBMOVEVM_VERSION environment variable has been updated to v0.7.0, which will cause the build process to download and use newer libraries. This aligns with the application upgrade from 0.7.0 to 0.7.3.

---

🏁 Script executed:

#!/bin/bash
# Check if the version is consistent across the codebase and if there are any compatibility notes
echo "Checking for libmovevm version references..."
rg -e "v0\.6\.1|v0\.7\.0" --type go --type dockerfile

# Check release notes or changelog if available
curl -s "https://github.com/initia-labs/movevm/releases/tag/v0.7.0" | grep -A 10 "Release v0.7.0"

Length of output: 1774

---

Library version upgrade verified – Ready to merge

• The Dockerfile now correctly sets LIBMOVEVM_VERSION=v0.7.0 (line 9), ensuring alignment with the application upgrade from 0.7.0 to 0.7.3.
• A review of the release notes confirms the update to v0.7.0.
• No lingering references to v0.6.1 were observed in the inspected contexts.

x/move/keeper/balancer_test.go (2)

148-153: Test updated to use fee collector for swap operations.

The test now transfers coins to the fee collector address before calling SwapToBase, reflecting a change in the SwapToBase implementation that likely now requires privileged access or uses the fee collector module as part of the swap process.

This change is consistent with the renaming of FunctionNameDexSwapScript to FunctionNameDexSudoSwap in the connector.go file.

---

156-156: Updated assertion to check fee collector's balance.

The test now correctly checks the fee collector's balance after the swap operation, consistent with the earlier change that uses the fee collector for the swap.

x/intertx/keeper/msg_server.go (1)

65-66:

❓ Verification inconclusive

Timeout value is now fixed rather than dynamic.

The code has been changed to use a fixed 5-minute relative timeout instead of what was likely a dynamic timeout based on block time. This simplifies the code but make sure this duration is sufficient for all expected transaction scenarios.

You may want to confirm if this timeout aligns with other timeout settings in the application:

---

🏁 Script executed:

#!/bin/bash
# Description: Search for similar timeout settings in the codebase to ensure consistency

rg -A 2 -B 2 "timeout.*time.Minute" --type go

Length of output: 47

---

Action Required: Verify Fixed Timeout Duration Consistency

The code now uses a fixed 5‑minute timeout at x/intertx/keeper/msg_server.go (lines 65–66):

relativeTimeoutTimestamp := uint64((time.Minute * 5).Nanoseconds())
icaMsg := icacontrollertypes.NewMsgSendTx(msg.Owner, msg.ConnectionId, uint64(relativeTimeoutTimestamp), packetData)

Automated searches for similar timeout configurations (using rg "timeout.*time.Minute") didn’t return any output. This makes it unclear whether this fixed value aligns with timeout settings elsewhere in the application. Please manually verify that a 5‑minute duration is appropriate and consistent with other timeout expectations within the project.

x/move/keeper/balancer.go (1)

61-70:

❓ Verification inconclusive

Function signature and parameter changes in swap implementation.

The swap implementation has been updated with several changes:

1. Using executeEntryFunction instead of ExecuteEntryFunction (changed from exported to unexported)
2. Passing addresses as a slice with StdAddress first
3. Changed function name from FunctionNameDexSwapScript to FunctionNameDexSudoSwap
4. Added a new boolean parameter

Ensure that all calling code has been updated to account for these changes, particularly if ExecuteEntryFunction was previously used externally.

---

🏁 Script executed:

#!/bin/bash
# Description: Check if ExecuteEntryFunction is still used elsewhere and verify DexSwapScript references

# Check for any remaining uses of ExecuteEntryFunction
rg "ExecuteEntryFunction" --type go

# Check for any remaining references to DexSwapScript
rg "DexSwapScript" --type go

Length of output: 6200

---

Update Dex Swap Implementation – Verify External Callers

The dex swap implementation in x/move/keeper/balancer.go has been modified as follows:

• Changed Function Access: Now calls the unexported executeEntryFunction instead of the exported ExecuteEntryFunction.
• Parameter Order Updated: Passing the addresses as a slice with vmtypes.StdAddress first.
• Function Name Update: Uses FunctionNameDexSudoSwap instead of FunctionNameDexSwapScript (and our search confirms no remaining references to the old name).
• New Boolean Parameter: A new flag has been added to the call.

However, our repository search still shows several external references to ExecuteEntryFunction (in tests and other modules). Please verify that these callers are either unaffected by—or appropriately updated for—the change, ensuring there is no inconsistency between internal and external usage.

// Updated code snippet in x/move/keeper/balancer.go (lines 61-70)
return k.executeEntryFunction(
	ctx,
	[]vmtypes.AccountAddress{vmtypes.StdAddress, trader},
	vmtypes.StdAddress,
	types.MoveModuleNameDex,
	types.FunctionNameDexSudoSwap,
	[]vmtypes.TypeTag{},
	[][]byte{metadataLP[:], metadataQuote[:], offerAmountBz, {0}},
	false,
)

If external callers (or tests) still rely on ExecuteEntryFunction, please confirm that they remain valid or adjust them to ensure consistency with the new implementation.

app/app.go (3)

74-75: New Block SDK integration.

Adding imports for the Block SDK modules, which aligns with the PR objectives of implementing dependency upgrades.

---

454-455: New Block SDK API routes registration.

Registering the Block SDK mempool API routes with the gRPC Gateway router. This is part of the Block SDK integration.

---

478-484: Additional Block SDK mempool service registration with type safety.

The code now registers the Block SDK mempool transaction service and correctly ensures type safety by checking if the mempool implements the required interface. This follows good defensive programming practices.

cmd/move/deploy.go (4)

155-156: LGTM!

The formatting change improves code readability by placing the closing brace on a new line.

---

45-45: LGTM!

Refactoring to use the new buildContract helper function improves code organization.

---

158-158: LGTM!

Consistent usage of the new helper function across similar code paths.

---

172-192: Good refactoring to handle working directory changes.

This new helper function centralizes contract building logic and properly handles working directory changes that might occur during the build process.

The function correctly:

1. Saves the current working directory
2. Calls the build API
3. Checks if the working directory changed
4. Restores the original directory if needed

This prevents potential bugs where directory changes during the build process might affect subsequent operations.

scripts/protoc-swagger-gen.sh (4)

14-15: LGTM!

Properly added new variables for Block SDK integration.

---

22-22: LGTM!

Correctly extracts the Block SDK version from go.mod file using the same pattern as other dependencies.

---

31-31: LGTM!

Added git clone command for Block SDK repository at the specified version.

---

45-45: LGTM!

Added Block SDK proto files path to the proto_dirs variable for Swagger generation.

x/ibc/nft-transfer/types/packet.go (4)

55-55: Improved validation for ClassId.

Changed validation to use strings.TrimSpace() which is more robust than simply checking length, as it properly handles whitespace-only strings.

---

61-66: Enhanced validation for TokenUris and TokenData.

The validation logic has been improved to be more flexible, allowing either:

1. Empty collections (length 0)
2. Collections with the same length as TokenIds

This change supports more use cases while maintaining data integrity.

---

69-69: Improved tokenId validation.

Using strings.TrimSpace() to check for blank tokenIds is more robust than checking only for zero length, as it properly handles whitespace-only strings.

---

125-132: Good data handling improvement.

This change ensures TokenUris and TokenData are properly initialized with empty strings instead of nil values when decoded, making the data structure more consistent and preventing potential nil pointer issues in downstream code.

[codecov]

Codecov Report

Attention: Patch coverage is 45.09804% with 28 lines in your changes missing coverage. Please review.

Project coverage is 41.21%. Comparing base (8188d3f) to head (d5a5f04).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
app/app.go	0.00%	9 Missing ⚠️
x/move/keeper/staking.go	55.55%	7 Missing and 1 partial ⚠️
x/ibc/nft-transfer/types/packet.go	46.15%	4 Missing and 3 partials ⚠️
x/mstaking/client/cli/query.go	0.00%	3 Missing ⚠️
app/upgrade.go	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #349      +/-   ##
==========================================
+ Coverage   41.18%   41.21%   +0.02%     
==========================================
  Files         269      269              
  Lines       25769    25761       -8     
==========================================
+ Hits        10613    10617       +4     
+ Misses      13507    13498       -9     
+ Partials     1649     1646       -3     

Files with missing lines	Coverage Δ
app/keepers/keepers.go	98.47% <ø> (-0.01%)	⬇️
x/ibc-hooks/ibc_middleware.go	25.39% <100.00%> (ø)
x/intertx/keeper/msg_server.go	91.89% <100.00%> (-0.61%)	⬇️
x/move/keeper/balancer.go	46.91% <100.00%> (+0.25%)	⬆️
x/move/types/connector.go	19.35% <ø> (ø)
x/mstaking/keeper/query_utils.go	21.56% <ø> (+5.39%)	⬆️
app/upgrade.go	50.00% <0.00%> (ø)
x/mstaking/client/cli/query.go	0.00% <0.00%> (ø)
x/ibc/nft-transfer/types/packet.go	65.38% <46.15%> (-4.19%)	⬇️
x/move/keeper/staking.go	60.85% <55.55%> (+2.42%)	⬆️
... and 1 more

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 95ccc25 and 16b4366.

⛔ Files ignored due to path filters (3)

• x/ibc-hooks/types/types.pb.go is excluded by !**/*.pb.go, !**/*.pb.go
• x/move/types/tx.pb.go is excluded by !**/*.pb.go, !**/*.pb.go
• x/mstaking/types/authz.pb.go is excluded by !**/*.pb.go, !**/*.pb.go

📒 Files selected for processing (6)

• api/initia/ibchooks/v1/types.pulsar.go (1 hunks)
• api/initia/move/v1/tx.pulsar.go (1 hunks)
• api/initia/mstaking/v1/authz.pulsar.go (2 hunks)
• proto/initia/ibchooks/v1/types.proto (1 hunks)
• proto/initia/move/v1/tx.proto (1 hunks)
• proto/initia/mstaking/v1/authz.proto (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (4)

• GitHub Check: golangci-lint
• GitHub Check: Run test and upload codecov
• GitHub Check: Initiad
• GitHub Check: Analyze (go)

🔇 Additional comments (7)

proto/initia/ibchooks/v1/types.proto (1)

13-13: Consistent naming convention applied in amino.name option.

The change updates the amino.name from "ibc-hooks/Params" to "ibchooks/Params", aligning it with the module's naming structure. This ensures consistent naming patterns across the codebase.

api/initia/mstaking/v1/authz.pulsar.go (1)

1481-1533: Autogenerated changes to protobuf descriptors.

These changes to the raw descriptor byte arrays reflect updates to the underlying protocol buffer definitions, specifically the StakeAuthorization message. Since this is an auto-generated file, these changes are expected as a result of Proto file modifications.

api/initia/ibchooks/v1/types.pulsar.go (1)

1004-1027: Autogenerated changes to protobuf descriptors.

These modifications to the raw descriptor byte arrays reflect the changes made to the Params message in the proto/initia/ibchooks/v1/types.proto file, specifically the amino.name option update. These changes are automatically generated and shouldn't be manually edited.

api/initia/move/v1/tx.pulsar.go (1)

15554-15657: Protocol buffer file has been updated correctly.

This file contains machine-generated code from protocol buffer definitions. The changes reflect updates to the underlying .proto definition file, including:

1. Size adjustments for message types (changing from 0x9a, 0x01 to 0x97, 0x01 and 0x9a, 0x01 to 0xad, 0x01)
2. Updates to the MsgDelist message
3. Addition or modification of service RPC method definitions

These changes are consistent with what would be expected from protocol buffer generation and align with the PR objective to update dependencies.

proto/initia/mstaking/v1/authz.proto (3)

14-14: Consistent Naming for Amino Option
The change from "mstake/StakeAuthorization" to "mstaking/StakeAuthorization" ensures consistency with the new naming convention. This update is clear and aligns with the audit fixes intended in the PR.

---

27-27: Update Amino Oneof Option for AllowList
The updated option from "mstake/StakeAuthorization/AllowList" to "mstaking/StakeAuthorization/AllowList" correctly applies the revised naming standard. Please verify that any components referencing this option are updated accordingly.

---

29-29: Update Amino Oneof Option for DenyList
The change from "mstake/StakeAuthorization/DenyList" to "mstaking/StakeAuthorization/DenyList" further reinforces the updated naming convention. This ensures uniformity in protocol buffer definitions across the module.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

x/move/keeper/staking.go (2)

388-390: Consider renaming the metadatas slice to something more descriptive.
While the usage of metadatas is functionally correct, a more explicit naming (e.g., stakingMetadataAddresses) could help with code readability and clarity.

---

391-430: Evaluate the stop-on-error vs. partial iteration trade-off.
Currently, if an error occurs within Walk, the code terminates the iteration by returning true, err. This prevents any subsequent staking entries from being processed. For slashing scenarios, you might consider whether partial iteration should continue (logging errors instead) to ensure maximum coverage of slashing operations.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b331cb2 and 84299fb.

📒 Files selected for processing (1)

• x/move/keeper/staking.go (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (4)

• GitHub Check: golangci-lint
• GitHub Check: Run test and upload codecov
• GitHub Check: Initiad
• GitHub Check: Analyze (go)

🔇 Additional comments (1)

x/move/keeper/staking.go (1)

382-383: BCS validator address serialization looks correct.
The usage of vmtypes.SerializeString(valAddr.String()) appears valid for applying a standardized representation of the validator address as a key.

[sh-cha]

LGTM