github.com/cosmos/cosmos-sdk@v0.50.10/x/group/keeper/proposal_executor.go

github.com/cosmos/cosmos-sdk@v0.50.10/x/group/keeper/proposal_executor.go (about)

     1  package keeper
     2  
     3  import (
     4  	"bytes"
     5  	"fmt"
     6  
     7  	errorsmod "cosmossdk.io/errors"
     8  
     9  	"github.com/cosmos/cosmos-sdk/baseapp"
    10  	"github.com/cosmos/cosmos-sdk/codec"
    11  	sdk "github.com/cosmos/cosmos-sdk/types"
    12  	sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
    13  	"github.com/cosmos/cosmos-sdk/x/group"
    14  	"github.com/cosmos/cosmos-sdk/x/group/errors"
    15  )
    16  
    17  // doExecuteMsgs routes the messages to the registered handlers. Messages are limited to those that require no authZ or
    18  // by the account of group policy only. Otherwise this gives access to other peoples accounts as the sdk middlewares are bypassed
    19  func (s Keeper) doExecuteMsgs(ctx sdk.Context, router baseapp.MessageRouter, proposal group.Proposal, groupPolicyAcc sdk.AccAddress, decisionPolicy group.DecisionPolicy) ([]sdk.Result, error) {
    20  	// Ensure it's not too early to execute the messages.
    21  	minExecutionDate := proposal.SubmitTime.Add(decisionPolicy.GetMinExecutionPeriod())
    22  	if ctx.BlockTime().Before(minExecutionDate) {
    23  		return nil, errors.ErrInvalid.Wrapf("must wait until %s to execute proposal %d", minExecutionDate, proposal.Id)
    24  	}
    25  
    26  	// Ensure it's not too late to execute the messages.
    27  	// After https://github.com/cosmos/cosmos-sdk/issues/11245, proposals should
    28  	// be pruned automatically, so this function should not even be called, as
    29  	// the proposal doesn't exist in state. For sanity check, we can still keep
    30  	// this simple and cheap check.
    31  	expiryDate := proposal.VotingPeriodEnd.Add(s.config.MaxExecutionPeriod)
    32  	if expiryDate.Before(ctx.BlockTime()) {
    33  		return nil, errors.ErrExpired.Wrapf("proposal expired on %s", expiryDate)
    34  	}
    35  
    36  	msgs, err := proposal.GetMsgs()
    37  	if err != nil {
    38  		return nil, err
    39  	}
    40  
    41  	results := make([]sdk.Result, len(msgs))
    42  	if err := ensureMsgAuthZ(msgs, groupPolicyAcc, s.cdc); err != nil {
    43  		return nil, err
    44  	}
    45  	for i, msg := range msgs {
    46  		handler := s.router.Handler(msg)
    47  		if handler == nil {
    48  			return nil, errorsmod.Wrapf(errors.ErrInvalid, "no message handler found for %q", sdk.MsgTypeURL(msg))
    49  		}
    50  		r, err := handler(ctx, msg)
    51  		if err != nil {
    52  			return nil, errorsmod.Wrapf(err, "message %s at position %d", sdk.MsgTypeURL(msg), i)
    53  		}
    54  		// Handler should always return non-nil sdk.Result.
    55  		if r == nil {
    56  			return nil, fmt.Errorf("got nil sdk.Result for message %q at position %d", msg, i)
    57  		}
    58  
    59  		results[i] = *r
    60  	}
    61  	return results, nil
    62  }
    63  
    64  // ensureMsgAuthZ checks that if a message requires signers that all of them
    65  // are equal to the given account address of group policy.
    66  func ensureMsgAuthZ(msgs []sdk.Msg, groupPolicyAcc sdk.AccAddress, cdc codec.Codec) error {
    67  	for i := range msgs {
    68  		// In practice, GetSigners() should return a non-empty array without
    69  		// duplicates, so the code below is equivalent to:
    70  		// `msgs[i].GetSigners()[0] == groupPolicyAcc`
    71  		// but we prefer to loop through all GetSigners just to be sure.
    72  		signers, _, err := cdc.GetMsgV1Signers(msgs[i])
    73  		if err != nil {
    74  			return err
    75  		}
    76  
    77  		for _, acct := range signers {
    78  			if !bytes.Equal(groupPolicyAcc, acct) {
    79  				return errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "msg does not have group policy authorization; expected %s, got %s", groupPolicyAcc.String(), acct)
    80  			}
    81  		}
    82  	}
    83  	return nil
    84  }