From 6335130a5d58614d37cb6e603ffc601a05ea16c9 Mon Sep 17 00:00:00 2001 From: Cosmic Vagabond <121588426+cosmic-vagabond@users.noreply.github.com> Date: Sat, 25 Nov 2023 11:07:44 +0100 Subject: [PATCH] fix: add contract addr checks to wasmbindings code (#277) --- x/amm/client/wasm/msg_create_pool.go | 4 ++++ x/amm/client/wasm/msg_exit_pool.go | 4 ++++ x/amm/client/wasm/msg_feed_multiple_external_liquidity.go | 4 ++++ x/amm/client/wasm/msg_join_pool.go | 4 ++++ x/amm/client/wasm/msg_swap_by_denom.go | 4 ++++ x/amm/client/wasm/msg_swap_exact_amount_in.go | 4 ++++ x/amm/client/wasm/msg_swap_exact_amount_out.go | 4 ++++ x/assetprofile/client/wasm/msg_create_entry.go | 4 ++++ x/assetprofile/client/wasm/msg_delete_entry.go | 4 ++++ x/assetprofile/client/wasm/msg_update_entry.go | 4 ++++ x/clock/client/wasm/msg_update_params.go | 4 ++++ x/commitment/client/wasm/msg_cancel_vest.go | 8 ++++++++ x/commitment/client/wasm/msg_commit_liquid_tokens.go | 4 ++++ x/commitment/client/wasm/msg_commit_unclaimed_rewards.go | 4 ++++ x/commitment/client/wasm/msg_stake.go | 4 ++++ x/commitment/client/wasm/msg_uncommit_tokens.go | 4 ++++ x/commitment/client/wasm/msg_unstake.go | 4 ++++ x/commitment/client/wasm/msg_update_vesting_info.go | 4 ++++ x/commitment/client/wasm/msg_vest.go | 8 ++++++++ x/commitment/client/wasm/msg_vest_now.go | 4 ++++ x/leveragelp/client/wasm/msg_close.go | 8 ++++++++ x/leveragelp/client/wasm/msg_dewhitelist.go | 4 ++++ x/leveragelp/client/wasm/msg_open.go | 8 ++++++++ x/leveragelp/client/wasm/msg_update_params.go | 4 ++++ x/leveragelp/client/wasm/msg_update_pools.go | 4 ++++ x/leveragelp/client/wasm/msg_whitelist.go | 4 ++++ x/margin/client/wasm/msg_broker_close.go | 8 ++++++++ x/margin/client/wasm/msg_broker_open.go | 8 ++++++++ x/margin/client/wasm/msg_close.go | 8 ++++++++ x/margin/client/wasm/msg_dewhitelist.go | 4 ++++ x/margin/client/wasm/msg_open.go | 8 ++++++++ x/margin/client/wasm/msg_update_params.go | 4 ++++ x/margin/client/wasm/msg_update_pools.go | 4 ++++ x/margin/client/wasm/msg_whitelist.go | 4 ++++ x/oracle/client/wasm/msg_delete_price_feeder.go | 4 ++++ x/oracle/client/wasm/msg_feed_multiple_prices.go | 4 ++++ x/oracle/client/wasm/msg_feed_price.go | 4 ++++ x/oracle/client/wasm/msg_request_band_price.go | 4 ++++ x/oracle/client/wasm/msg_set_price_feeder.go | 4 ++++ x/stablestake/client/wasm/msg_bond.go | 4 ++++ x/stablestake/client/wasm/msg_unbond.go | 4 ++++ x/tokenomics/client/wasm/msg_create_airdrop.go | 4 ++++ .../client/wasm/msg_create_time_based_inflation.go | 4 ++++ x/tokenomics/client/wasm/msg_delete_airdrop.go | 4 ++++ .../client/wasm/msg_delete_time_based_inflation.go | 4 ++++ x/tokenomics/client/wasm/msg_update_airdrop.go | 4 ++++ x/tokenomics/client/wasm/msg_update_genesis_inflation.go | 4 ++++ .../client/wasm/msg_update_time_based_inflation.go | 4 ++++ 48 files changed, 224 insertions(+) diff --git a/x/amm/client/wasm/msg_create_pool.go b/x/amm/client/wasm/msg_create_pool.go index 4548be6e7..8dc9851eb 100644 --- a/x/amm/client/wasm/msg_create_pool.go +++ b/x/amm/client/wasm/msg_create_pool.go @@ -15,6 +15,10 @@ func (m *Messenger) msgCreatePool(ctx sdk.Context, contractAddr sdk.AccAddress, return nil, nil, wasmvmtypes.InvalidRequest{Err: "create pool null msg"} } + if msg.Sender != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "create pool wrong sender"} + } + msgServer := ammkeeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/amm/client/wasm/msg_exit_pool.go b/x/amm/client/wasm/msg_exit_pool.go index 8c74eab05..255ae34dd 100644 --- a/x/amm/client/wasm/msg_exit_pool.go +++ b/x/amm/client/wasm/msg_exit_pool.go @@ -15,6 +15,10 @@ func (m *Messenger) msgExitPool(ctx sdk.Context, contractAddr sdk.AccAddress, ms return nil, nil, wasmvmtypes.InvalidRequest{Err: "exit pool null msg"} } + if msg.Sender != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "exit pool wrong sender"} + } + msgServer := ammkeeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/amm/client/wasm/msg_feed_multiple_external_liquidity.go b/x/amm/client/wasm/msg_feed_multiple_external_liquidity.go index 74be001e2..e4f41baa5 100644 --- a/x/amm/client/wasm/msg_feed_multiple_external_liquidity.go +++ b/x/amm/client/wasm/msg_feed_multiple_external_liquidity.go @@ -15,6 +15,10 @@ func (m *Messenger) msgFeedMultipleExternalLiquidity(ctx sdk.Context, contractAd return nil, nil, wasmvmtypes.InvalidRequest{Err: "FeedMultipleExternalLiquidity null msg"} } + if msg.Sender != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "FeedMultipleExternalLiquidity wrong sender"} + } + msgServer := ammkeeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/amm/client/wasm/msg_join_pool.go b/x/amm/client/wasm/msg_join_pool.go index 5e88bd2c0..203c3c62c 100644 --- a/x/amm/client/wasm/msg_join_pool.go +++ b/x/amm/client/wasm/msg_join_pool.go @@ -15,6 +15,10 @@ func (m *Messenger) msgJoinPool(ctx sdk.Context, contractAddr sdk.AccAddress, ms return nil, nil, wasmvmtypes.InvalidRequest{Err: "join pool null msg"} } + if msg.Sender != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "join pool wrong sender"} + } + msgServer := ammkeeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/amm/client/wasm/msg_swap_by_denom.go b/x/amm/client/wasm/msg_swap_by_denom.go index 6b712f363..3b990a2ed 100644 --- a/x/amm/client/wasm/msg_swap_by_denom.go +++ b/x/amm/client/wasm/msg_swap_by_denom.go @@ -15,6 +15,10 @@ func (m *Messenger) msgSwapByDenom(ctx sdk.Context, contractAddr sdk.AccAddress, return nil, nil, wasmvmtypes.InvalidRequest{Err: "swap by denom null msg"} } + if msg.Sender != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "swap by denom wrong sender"} + } + msgServer := ammkeeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/amm/client/wasm/msg_swap_exact_amount_in.go b/x/amm/client/wasm/msg_swap_exact_amount_in.go index c9b05b9d6..a26326d73 100644 --- a/x/amm/client/wasm/msg_swap_exact_amount_in.go +++ b/x/amm/client/wasm/msg_swap_exact_amount_in.go @@ -15,6 +15,10 @@ func (m *Messenger) msgSwapExactAmountIn(ctx sdk.Context, contractAddr sdk.AccAd return nil, nil, wasmvmtypes.InvalidRequest{Err: "swap exact amount in null msg"} } + if msg.Sender != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "swap exact amount in wrong sender"} + } + msgServer := ammkeeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/amm/client/wasm/msg_swap_exact_amount_out.go b/x/amm/client/wasm/msg_swap_exact_amount_out.go index 5879e3d36..45165dc39 100644 --- a/x/amm/client/wasm/msg_swap_exact_amount_out.go +++ b/x/amm/client/wasm/msg_swap_exact_amount_out.go @@ -15,6 +15,10 @@ func (m *Messenger) msgSwapExactAmountOut(ctx sdk.Context, contractAddr sdk.AccA return nil, nil, wasmvmtypes.InvalidRequest{Err: "swap exact amount out null msg"} } + if msg.Sender != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "swap exact amount out wrong sender"} + } + msgServer := ammkeeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/assetprofile/client/wasm/msg_create_entry.go b/x/assetprofile/client/wasm/msg_create_entry.go index 28e1fd278..a0988c379 100644 --- a/x/assetprofile/client/wasm/msg_create_entry.go +++ b/x/assetprofile/client/wasm/msg_create_entry.go @@ -15,6 +15,10 @@ func (m *Messenger) msgCreateEntry(ctx sdk.Context, contractAddr sdk.AccAddress, return nil, nil, wasmvmtypes.InvalidRequest{Err: "CreateEntry null msg"} } + if msg.Authority != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "create entry wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/assetprofile/client/wasm/msg_delete_entry.go b/x/assetprofile/client/wasm/msg_delete_entry.go index 2d51cc971..7d5df4b5f 100644 --- a/x/assetprofile/client/wasm/msg_delete_entry.go +++ b/x/assetprofile/client/wasm/msg_delete_entry.go @@ -15,6 +15,10 @@ func (m *Messenger) msgDeleteEntry(ctx sdk.Context, contractAddr sdk.AccAddress, return nil, nil, wasmvmtypes.InvalidRequest{Err: "DeleteEntry null msg"} } + if msg.Authority != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "delete entry wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/assetprofile/client/wasm/msg_update_entry.go b/x/assetprofile/client/wasm/msg_update_entry.go index 366ba3fb9..a786a77b1 100644 --- a/x/assetprofile/client/wasm/msg_update_entry.go +++ b/x/assetprofile/client/wasm/msg_update_entry.go @@ -15,6 +15,10 @@ func (m *Messenger) msgUpdateEntry(ctx sdk.Context, contractAddr sdk.AccAddress, return nil, nil, wasmvmtypes.InvalidRequest{Err: "UpdateEntry null msg"} } + if msg.Authority != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "update entry wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/clock/client/wasm/msg_update_params.go b/x/clock/client/wasm/msg_update_params.go index e9f11c334..6d56bd0da 100644 --- a/x/clock/client/wasm/msg_update_params.go +++ b/x/clock/client/wasm/msg_update_params.go @@ -15,6 +15,10 @@ func (m *Messenger) msgUpdateParams(ctx sdk.Context, contractAddr sdk.AccAddress return nil, nil, wasmvmtypes.InvalidRequest{Err: "UpdateParams null msg"} } + if msg.Authority != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "update params wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/commitment/client/wasm/msg_cancel_vest.go b/x/commitment/client/wasm/msg_cancel_vest.go index 813ff9adb..2c842a52e 100644 --- a/x/commitment/client/wasm/msg_cancel_vest.go +++ b/x/commitment/client/wasm/msg_cancel_vest.go @@ -13,6 +13,14 @@ import ( ) func (m *Messenger) msgCancelVest(ctx sdk.Context, contractAddr sdk.AccAddress, msgCancelVest *commitmenttypes.MsgCancelVest) ([]sdk.Event, [][]byte, error) { + if msgCancelVest == nil { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "cancel vest null msg"} + } + + if msgCancelVest.Creator != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "cancel vest wrong sender"} + } + var res *wasmbindingstypes.RequestResponse var err error if msgCancelVest.Denom != paramtypes.Eden { diff --git a/x/commitment/client/wasm/msg_commit_liquid_tokens.go b/x/commitment/client/wasm/msg_commit_liquid_tokens.go index a2c8eac7d..8012af2c9 100644 --- a/x/commitment/client/wasm/msg_commit_liquid_tokens.go +++ b/x/commitment/client/wasm/msg_commit_liquid_tokens.go @@ -15,6 +15,10 @@ func (m *Messenger) msgCommitLiquidTokens(ctx sdk.Context, contractAddr sdk.AccA return nil, nil, wasmvmtypes.InvalidRequest{Err: "CommitLiquidTokens null msg"} } + if msg.Creator != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "commit liquid tokens wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/commitment/client/wasm/msg_commit_unclaimed_rewards.go b/x/commitment/client/wasm/msg_commit_unclaimed_rewards.go index c4eaab8f2..df3b24512 100644 --- a/x/commitment/client/wasm/msg_commit_unclaimed_rewards.go +++ b/x/commitment/client/wasm/msg_commit_unclaimed_rewards.go @@ -15,6 +15,10 @@ func (m *Messenger) msgCommitClaimedRewards(ctx sdk.Context, contractAddr sdk.Ac return nil, nil, wasmvmtypes.InvalidRequest{Err: "CommitUnclaimedRewards null msg"} } + if msg.Creator != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "commit unclaimed rewards wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/commitment/client/wasm/msg_stake.go b/x/commitment/client/wasm/msg_stake.go index fa05acc0e..682f88a04 100644 --- a/x/commitment/client/wasm/msg_stake.go +++ b/x/commitment/client/wasm/msg_stake.go @@ -18,6 +18,10 @@ func (m *Messenger) msgStake(ctx sdk.Context, contractAddr sdk.AccAddress, msgSt return nil, nil, wasmvmtypes.InvalidRequest{Err: "Invalid staking parameter"} } + if msgStake.Creator != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "stake wrong sender"} + } + entry, found := m.apKeeper.GetEntry(ctx, ptypes.BaseCurrency) if !found { return nil, nil, wasmvmtypes.InvalidRequest{Err: "Invalid usdc denom"} diff --git a/x/commitment/client/wasm/msg_uncommit_tokens.go b/x/commitment/client/wasm/msg_uncommit_tokens.go index 8f168b0f1..650bf70e1 100644 --- a/x/commitment/client/wasm/msg_uncommit_tokens.go +++ b/x/commitment/client/wasm/msg_uncommit_tokens.go @@ -15,6 +15,10 @@ func (m *Messenger) msgUncommitTokens(ctx sdk.Context, contractAddr sdk.AccAddre return nil, nil, wasmvmtypes.InvalidRequest{Err: "UncommitTokens null msg"} } + if msg.Creator != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "uncommit tokens wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/commitment/client/wasm/msg_unstake.go b/x/commitment/client/wasm/msg_unstake.go index c03a52a58..8f35b0753 100644 --- a/x/commitment/client/wasm/msg_unstake.go +++ b/x/commitment/client/wasm/msg_unstake.go @@ -18,6 +18,10 @@ func (m *Messenger) msgUnstake(ctx sdk.Context, contractAddr sdk.AccAddress, msg return nil, nil, wasmvmtypes.InvalidRequest{Err: "Invalid unstaking parameter"} } + if msgUnstake.Creator != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "unstake wrong sender"} + } + entry, found := m.apKeeper.GetEntry(ctx, ptypes.BaseCurrency) if !found { return nil, nil, wasmvmtypes.InvalidRequest{Err: "Invalid usdc denom"} diff --git a/x/commitment/client/wasm/msg_update_vesting_info.go b/x/commitment/client/wasm/msg_update_vesting_info.go index 3bf403707..bf2e38719 100644 --- a/x/commitment/client/wasm/msg_update_vesting_info.go +++ b/x/commitment/client/wasm/msg_update_vesting_info.go @@ -15,6 +15,10 @@ func (m *Messenger) msgUpdateVestingInfo(ctx sdk.Context, contractAddr sdk.AccAd return nil, nil, wasmvmtypes.InvalidRequest{Err: "UpdateVestingInfo null msg"} } + if msg.Authority != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "update vesting info wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/commitment/client/wasm/msg_vest.go b/x/commitment/client/wasm/msg_vest.go index df043a24b..d50e0b179 100644 --- a/x/commitment/client/wasm/msg_vest.go +++ b/x/commitment/client/wasm/msg_vest.go @@ -13,6 +13,14 @@ import ( ) func (m *Messenger) msgVest(ctx sdk.Context, contractAddr sdk.AccAddress, msgVest *commitmenttypes.MsgVest) ([]sdk.Event, [][]byte, error) { + if msgVest == nil { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "Vest null msg"} + } + + if msgVest.Creator != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "vest wrong sender"} + } + var res *wasmbindingstypes.RequestResponse var err error if msgVest.Denom != paramtypes.Eden { diff --git a/x/commitment/client/wasm/msg_vest_now.go b/x/commitment/client/wasm/msg_vest_now.go index 2621aa04e..4d89f2321 100644 --- a/x/commitment/client/wasm/msg_vest_now.go +++ b/x/commitment/client/wasm/msg_vest_now.go @@ -15,6 +15,10 @@ func (m *Messenger) msgVestNow(ctx sdk.Context, contractAddr sdk.AccAddress, msg return nil, nil, wasmvmtypes.InvalidRequest{Err: "VestNow null msg"} } + if msg.Creator != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "vest now wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/leveragelp/client/wasm/msg_close.go b/x/leveragelp/client/wasm/msg_close.go index 6e622ed74..ac9d7d01f 100644 --- a/x/leveragelp/client/wasm/msg_close.go +++ b/x/leveragelp/client/wasm/msg_close.go @@ -11,6 +11,14 @@ import ( ) func (m *Messenger) msgClose(ctx sdk.Context, contractAddr sdk.AccAddress, msgClose *leveragelptypes.MsgClose) ([]sdk.Event, [][]byte, error) { + if msgClose == nil { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "Close null msg"} + } + + if msgClose.Creator != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "close wrong sender"} + } + res, err := PerformMsgClose(m.keeper, ctx, contractAddr, msgClose) if err != nil { return nil, nil, errorsmod.Wrap(err, "perform close") diff --git a/x/leveragelp/client/wasm/msg_dewhitelist.go b/x/leveragelp/client/wasm/msg_dewhitelist.go index 68b27620c..0b5f56dde 100644 --- a/x/leveragelp/client/wasm/msg_dewhitelist.go +++ b/x/leveragelp/client/wasm/msg_dewhitelist.go @@ -15,6 +15,10 @@ func (m *Messenger) msgDewhitelist(ctx sdk.Context, contractAddr sdk.AccAddress, return nil, nil, wasmvmtypes.InvalidRequest{Err: "Dewhitelist null msg"} } + if msg.Authority != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "dewhitelist wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/leveragelp/client/wasm/msg_open.go b/x/leveragelp/client/wasm/msg_open.go index c044b2cbe..df9271f3f 100644 --- a/x/leveragelp/client/wasm/msg_open.go +++ b/x/leveragelp/client/wasm/msg_open.go @@ -12,6 +12,14 @@ import ( ) func (m *Messenger) msgOpen(ctx sdk.Context, contractAddr sdk.AccAddress, msgOpen *leveragelptypes.MsgOpen) ([]sdk.Event, [][]byte, error) { + if msgOpen == nil { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "Open null msg"} + } + + if msgOpen.Creator != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "open wrong sender"} + } + res, err := PerformMsgOpen(m.keeper, ctx, contractAddr, msgOpen) if err != nil { return nil, nil, errorsmod.Wrap(err, "perform open") diff --git a/x/leveragelp/client/wasm/msg_update_params.go b/x/leveragelp/client/wasm/msg_update_params.go index 241ca9b5d..61df01492 100644 --- a/x/leveragelp/client/wasm/msg_update_params.go +++ b/x/leveragelp/client/wasm/msg_update_params.go @@ -15,6 +15,10 @@ func (m *Messenger) msgUpdateParams(ctx sdk.Context, contractAddr sdk.AccAddress return nil, nil, wasmvmtypes.InvalidRequest{Err: "UpdateParams null msg"} } + if msg.Authority != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "update params wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/leveragelp/client/wasm/msg_update_pools.go b/x/leveragelp/client/wasm/msg_update_pools.go index 98bf9dc55..55fb9862a 100644 --- a/x/leveragelp/client/wasm/msg_update_pools.go +++ b/x/leveragelp/client/wasm/msg_update_pools.go @@ -15,6 +15,10 @@ func (m *Messenger) msgUpdatePools(ctx sdk.Context, contractAddr sdk.AccAddress, return nil, nil, wasmvmtypes.InvalidRequest{Err: "UpdatePools null msg"} } + if msg.Authority != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "update pools wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/leveragelp/client/wasm/msg_whitelist.go b/x/leveragelp/client/wasm/msg_whitelist.go index 6b689f613..284ad7134 100644 --- a/x/leveragelp/client/wasm/msg_whitelist.go +++ b/x/leveragelp/client/wasm/msg_whitelist.go @@ -15,6 +15,10 @@ func (m *Messenger) msgWhitelist(ctx sdk.Context, contractAddr sdk.AccAddress, m return nil, nil, wasmvmtypes.InvalidRequest{Err: "Whitelist null msg"} } + if msg.Authority != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "whitelist wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/margin/client/wasm/msg_broker_close.go b/x/margin/client/wasm/msg_broker_close.go index 3c567be41..500a8077d 100644 --- a/x/margin/client/wasm/msg_broker_close.go +++ b/x/margin/client/wasm/msg_broker_close.go @@ -11,6 +11,14 @@ import ( ) func (m *Messenger) msgBrokerClose(ctx sdk.Context, contractAddr sdk.AccAddress, msgBrokerClose *margintypes.MsgBrokerClose) ([]sdk.Event, [][]byte, error) { + if msgBrokerClose == nil { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "Broker Close null msg"} + } + + if msgBrokerClose.Creator != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "broker close wrong sender"} + } + res, err := PerformMsgBrokerClose(m.keeper, ctx, contractAddr, msgBrokerClose) if err != nil { return nil, nil, errorsmod.Wrap(err, "perform broker close") diff --git a/x/margin/client/wasm/msg_broker_open.go b/x/margin/client/wasm/msg_broker_open.go index fec830480..b02ac0448 100644 --- a/x/margin/client/wasm/msg_broker_open.go +++ b/x/margin/client/wasm/msg_broker_open.go @@ -12,6 +12,14 @@ import ( ) func (m *Messenger) msgBrokerOpen(ctx sdk.Context, contractAddr sdk.AccAddress, msgBrokerOpen *margintypes.MsgBrokerOpen) ([]sdk.Event, [][]byte, error) { + if msgBrokerOpen == nil { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "Broker Open null msg"} + } + + if msgBrokerOpen.Creator != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "broker open wrong sender"} + } + res, err := PerformMsgBrokerOpen(m.keeper, ctx, contractAddr, msgBrokerOpen) if err != nil { return nil, nil, errorsmod.Wrap(err, "perform broker open") diff --git a/x/margin/client/wasm/msg_close.go b/x/margin/client/wasm/msg_close.go index 9b8255a63..20d95bc99 100644 --- a/x/margin/client/wasm/msg_close.go +++ b/x/margin/client/wasm/msg_close.go @@ -11,6 +11,14 @@ import ( ) func (m *Messenger) msgClose(ctx sdk.Context, contractAddr sdk.AccAddress, msgClose *margintypes.MsgClose) ([]sdk.Event, [][]byte, error) { + if msgClose == nil { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "Close null msg"} + } + + if msgClose.Creator != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "close wrong sender"} + } + res, err := PerformMsgClose(m.keeper, ctx, contractAddr, msgClose) if err != nil { return nil, nil, errorsmod.Wrap(err, "perform close") diff --git a/x/margin/client/wasm/msg_dewhitelist.go b/x/margin/client/wasm/msg_dewhitelist.go index 1d3f8e90f..a800ea2e2 100644 --- a/x/margin/client/wasm/msg_dewhitelist.go +++ b/x/margin/client/wasm/msg_dewhitelist.go @@ -15,6 +15,10 @@ func (m *Messenger) msgDewhitelist(ctx sdk.Context, contractAddr sdk.AccAddress, return nil, nil, wasmvmtypes.InvalidRequest{Err: "Dewhitelist null msg"} } + if msg.Authority != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "dewhitelist wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/margin/client/wasm/msg_open.go b/x/margin/client/wasm/msg_open.go index 7274d067b..0437a8091 100644 --- a/x/margin/client/wasm/msg_open.go +++ b/x/margin/client/wasm/msg_open.go @@ -12,6 +12,14 @@ import ( ) func (m *Messenger) msgOpen(ctx sdk.Context, contractAddr sdk.AccAddress, msgOpen *margintypes.MsgOpen) ([]sdk.Event, [][]byte, error) { + if msgOpen == nil { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "Open null msg"} + } + + if msgOpen.Creator != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "open wrong sender"} + } + res, err := PerformMsgOpen(m.keeper, ctx, contractAddr, msgOpen) if err != nil { return nil, nil, errorsmod.Wrap(err, "perform open") diff --git a/x/margin/client/wasm/msg_update_params.go b/x/margin/client/wasm/msg_update_params.go index 8a019e213..baa85d6ef 100644 --- a/x/margin/client/wasm/msg_update_params.go +++ b/x/margin/client/wasm/msg_update_params.go @@ -15,6 +15,10 @@ func (m *Messenger) msgUpdateParams(ctx sdk.Context, contractAddr sdk.AccAddress return nil, nil, wasmvmtypes.InvalidRequest{Err: "UpdateParams null msg"} } + if msg.Authority != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "update params wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/margin/client/wasm/msg_update_pools.go b/x/margin/client/wasm/msg_update_pools.go index e994e1a80..8044054ee 100644 --- a/x/margin/client/wasm/msg_update_pools.go +++ b/x/margin/client/wasm/msg_update_pools.go @@ -15,6 +15,10 @@ func (m *Messenger) msgUpdatePools(ctx sdk.Context, contractAddr sdk.AccAddress, return nil, nil, wasmvmtypes.InvalidRequest{Err: "UpdatePools null msg"} } + if msg.Authority != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "update pools wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/margin/client/wasm/msg_whitelist.go b/x/margin/client/wasm/msg_whitelist.go index 371fd0989..40b791af9 100644 --- a/x/margin/client/wasm/msg_whitelist.go +++ b/x/margin/client/wasm/msg_whitelist.go @@ -15,6 +15,10 @@ func (m *Messenger) msgWhitelist(ctx sdk.Context, contractAddr sdk.AccAddress, m return nil, nil, wasmvmtypes.InvalidRequest{Err: "Whitelist null msg"} } + if msg.Authority != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "whitelist wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/oracle/client/wasm/msg_delete_price_feeder.go b/x/oracle/client/wasm/msg_delete_price_feeder.go index 81b0c28a1..922b436b3 100644 --- a/x/oracle/client/wasm/msg_delete_price_feeder.go +++ b/x/oracle/client/wasm/msg_delete_price_feeder.go @@ -15,6 +15,10 @@ func (m *Messenger) msgDeletePriceFeeder(ctx sdk.Context, contractAddr sdk.AccAd return nil, nil, wasmvmtypes.InvalidRequest{Err: "DeletePriceFeeder null msg"} } + if msg.Feeder != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "delete price feeder wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/oracle/client/wasm/msg_feed_multiple_prices.go b/x/oracle/client/wasm/msg_feed_multiple_prices.go index b6d2d8e71..aed58e41c 100644 --- a/x/oracle/client/wasm/msg_feed_multiple_prices.go +++ b/x/oracle/client/wasm/msg_feed_multiple_prices.go @@ -15,6 +15,10 @@ func (m *Messenger) msgFeedMultiplePrices(ctx sdk.Context, contractAddr sdk.AccA return nil, nil, wasmvmtypes.InvalidRequest{Err: "FeedMultiplePrices null msg"} } + if msg.Creator != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "feed multiple prices wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/oracle/client/wasm/msg_feed_price.go b/x/oracle/client/wasm/msg_feed_price.go index d3a66c85d..0d99caa7f 100644 --- a/x/oracle/client/wasm/msg_feed_price.go +++ b/x/oracle/client/wasm/msg_feed_price.go @@ -15,6 +15,10 @@ func (m *Messenger) msgFeedPrice(ctx sdk.Context, contractAddr sdk.AccAddress, m return nil, nil, wasmvmtypes.InvalidRequest{Err: "FeedPrice null msg"} } + if msg.Provider != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "feed price wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/oracle/client/wasm/msg_request_band_price.go b/x/oracle/client/wasm/msg_request_band_price.go index 5cdcc0312..433f71c04 100644 --- a/x/oracle/client/wasm/msg_request_band_price.go +++ b/x/oracle/client/wasm/msg_request_band_price.go @@ -15,6 +15,10 @@ func (m *Messenger) msgRequestBandPrice(ctx sdk.Context, contractAddr sdk.AccAdd return nil, nil, wasmvmtypes.InvalidRequest{Err: "RequestBandPrice null msg"} } + if msg.Creator != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "request band price wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/oracle/client/wasm/msg_set_price_feeder.go b/x/oracle/client/wasm/msg_set_price_feeder.go index 283962d2b..4f084ed5f 100644 --- a/x/oracle/client/wasm/msg_set_price_feeder.go +++ b/x/oracle/client/wasm/msg_set_price_feeder.go @@ -15,6 +15,10 @@ func (m *Messenger) msgSetPriceFeeder(ctx sdk.Context, contractAddr sdk.AccAddre return nil, nil, wasmvmtypes.InvalidRequest{Err: "SetPriceFeeder null msg"} } + if msg.Feeder != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "set price feeder wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/stablestake/client/wasm/msg_bond.go b/x/stablestake/client/wasm/msg_bond.go index d52325982..4578207f9 100644 --- a/x/stablestake/client/wasm/msg_bond.go +++ b/x/stablestake/client/wasm/msg_bond.go @@ -15,6 +15,10 @@ func (m *Messenger) msgBond(ctx sdk.Context, contractAddr sdk.AccAddress, msg *t return nil, nil, wasmvmtypes.InvalidRequest{Err: "Bond null msg"} } + if msg.Creator != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "bond wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/stablestake/client/wasm/msg_unbond.go b/x/stablestake/client/wasm/msg_unbond.go index 3a5e3403f..06e84a47a 100644 --- a/x/stablestake/client/wasm/msg_unbond.go +++ b/x/stablestake/client/wasm/msg_unbond.go @@ -15,6 +15,10 @@ func (m *Messenger) msgUnbond(ctx sdk.Context, contractAddr sdk.AccAddress, msg return nil, nil, wasmvmtypes.InvalidRequest{Err: "Unbond null msg"} } + if msg.Creator != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "unbond wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/tokenomics/client/wasm/msg_create_airdrop.go b/x/tokenomics/client/wasm/msg_create_airdrop.go index 3a12fd279..d584ce38a 100644 --- a/x/tokenomics/client/wasm/msg_create_airdrop.go +++ b/x/tokenomics/client/wasm/msg_create_airdrop.go @@ -15,6 +15,10 @@ func (m *Messenger) msgCreateAirdrop(ctx sdk.Context, contractAddr sdk.AccAddres return nil, nil, wasmvmtypes.InvalidRequest{Err: "CreateAirdrop null msg"} } + if msg.Authority != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "create airdrop wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/tokenomics/client/wasm/msg_create_time_based_inflation.go b/x/tokenomics/client/wasm/msg_create_time_based_inflation.go index f542a6dc4..ccca9068a 100644 --- a/x/tokenomics/client/wasm/msg_create_time_based_inflation.go +++ b/x/tokenomics/client/wasm/msg_create_time_based_inflation.go @@ -15,6 +15,10 @@ func (m *Messenger) msgCreateTimeBasedInflation(ctx sdk.Context, contractAddr sd return nil, nil, wasmvmtypes.InvalidRequest{Err: "CreateTimeBasedInflation null msg"} } + if msg.Authority != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "create time based inflation wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/tokenomics/client/wasm/msg_delete_airdrop.go b/x/tokenomics/client/wasm/msg_delete_airdrop.go index c10a86827..e0eb543ce 100644 --- a/x/tokenomics/client/wasm/msg_delete_airdrop.go +++ b/x/tokenomics/client/wasm/msg_delete_airdrop.go @@ -15,6 +15,10 @@ func (m *Messenger) msgDeleteAirdrop(ctx sdk.Context, contractAddr sdk.AccAddres return nil, nil, wasmvmtypes.InvalidRequest{Err: "DeleteAirdrop null msg"} } + if msg.Authority != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "create airdrop wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/tokenomics/client/wasm/msg_delete_time_based_inflation.go b/x/tokenomics/client/wasm/msg_delete_time_based_inflation.go index 94d56b282..bd5ef05c0 100644 --- a/x/tokenomics/client/wasm/msg_delete_time_based_inflation.go +++ b/x/tokenomics/client/wasm/msg_delete_time_based_inflation.go @@ -15,6 +15,10 @@ func (m *Messenger) msgDeleteTimeBasedInflation(ctx sdk.Context, contractAddr sd return nil, nil, wasmvmtypes.InvalidRequest{Err: "DeleteTimeBasedInflation null msg"} } + if msg.Authority != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "delete time based inflation wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/tokenomics/client/wasm/msg_update_airdrop.go b/x/tokenomics/client/wasm/msg_update_airdrop.go index 81bac6cf3..fcf0df8ca 100644 --- a/x/tokenomics/client/wasm/msg_update_airdrop.go +++ b/x/tokenomics/client/wasm/msg_update_airdrop.go @@ -15,6 +15,10 @@ func (m *Messenger) msgUpdateAirdrop(ctx sdk.Context, contractAddr sdk.AccAddres return nil, nil, wasmvmtypes.InvalidRequest{Err: "UpdateAirdrop null msg"} } + if msg.Authority != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "update airdrop wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/tokenomics/client/wasm/msg_update_genesis_inflation.go b/x/tokenomics/client/wasm/msg_update_genesis_inflation.go index acc9d8be2..8ceba0323 100644 --- a/x/tokenomics/client/wasm/msg_update_genesis_inflation.go +++ b/x/tokenomics/client/wasm/msg_update_genesis_inflation.go @@ -15,6 +15,10 @@ func (m *Messenger) msgUpdateGenesisInflation(ctx sdk.Context, contractAddr sdk. return nil, nil, wasmvmtypes.InvalidRequest{Err: "UpdateGenesisInflation null msg"} } + if msg.Authority != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "update genesis inflation wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil { diff --git a/x/tokenomics/client/wasm/msg_update_time_based_inflation.go b/x/tokenomics/client/wasm/msg_update_time_based_inflation.go index 275ce907c..eb56407f7 100644 --- a/x/tokenomics/client/wasm/msg_update_time_based_inflation.go +++ b/x/tokenomics/client/wasm/msg_update_time_based_inflation.go @@ -15,6 +15,10 @@ func (m *Messenger) msgUpdateTimeBasedInflation(ctx sdk.Context, contractAddr sd return nil, nil, wasmvmtypes.InvalidRequest{Err: "UpdateTimeBasedInflation null msg"} } + if msg.Authority != contractAddr.String() { + return nil, nil, wasmvmtypes.InvalidRequest{Err: "update time based inflation wrong sender"} + } + msgServer := keeper.NewMsgServerImpl(*m.keeper) if err := msg.ValidateBasic(); err != nil {