Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: blocked addrs #210

Merged
merged 6 commits into from
Jun 20, 2024
Merged

feat: blocked addrs #210

merged 6 commits into from
Jun 20, 2024

Conversation

beer-1
Copy link
Contributor

@beer-1 beer-1 commented Jun 19, 2024

need to bump movevm

initia-labs/movevm#73

@beer-1 beer-1 requested a review from a team as a code owner June 19, 2024 03:10
@beer-1 beer-1 self-assigned this Jun 19, 2024
Copy link

coderabbitai bot commented Jun 19, 2024

Warning

Review failed

The pull request is closed.

Walkthrough

Walkthrough

The recent updates encompass various components, focusing on enhancing functionality and code maintainability across the application. Changes span from refining API responses and updating method parameters to incorporating new imports and adjusting Dockerfile configurations. Notably, the GetAccountInfo method now indicates blocked accounts, several method names and parameters were revised for clarity and accuracy, and Docker configurations were updated to use the latest version of LIBMOVEVM.

Changes

Files / Groups Change Summary
app/app.go Introduced the import "golang.org/x/exp/maps" and passed maps.Keys(maccPerms) to move.NewAppModule.
x/move/keeper/api.go, api_test.go Added is_blocked boolean return value to GetAccountInfo in api.go and adjusted tests in api_test.go.
x/move/keeper/bank.go, connector.go Renamed functions related to coin operations for clarity and updated relevant method parameters.
x/move/keeper/genesis.go, module.go Updated InitGenesis function to accept moduleNames and adjusted constructor in module.go to handle the new field.
Dockerfile, images/private/Dockerfile Updated LIBMOVEVM_VERSION from v0.3.1 to v0.3.2 in Docker configurations.

Poem

In the code where data flows,
A change is made, and brilliance shows.
With keys and maps, and modules bright,
The API now sheds more light.
Docker’s got a version new,
Onward, upward, always true.
CodeRabbit cheers these strides of code,
In whispered bytes, tales are told.

Happy coding! 🐇✨


Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

Outside diff range and nitpick comments (2)
x/move/module.go (1)

[!TIP]
Codebase Verification

The recent script execution revealed several occurrences of moduleNames across different files in the codebase, but none of these instances showed any explicit validation or sanitization of the moduleNames field.

  • File: x/move/module.go

    • moduleNames is initialized in the NewAppModule constructor.
    • Used in AppModule.InitGenesis.
  • File: x/move/types/authz.go

    • moduleNames is used in NewPublishAuthorization.
  • File: x/move/types/authz.pb.go

    • moduleNames is a field in PublishAuthorization.
  • File: x/move/keeper/genesis.go

    • moduleNames is used in Keeper.InitGenesis.
  • File: api/initia/move/v1/authz.pulsar.go

    • moduleNames is a field in PublishAuthorization.

Given the critical nature of moduleNames and its impact on module behavior, it is imperative to ensure that these names are validated and sanitized to avoid potential security or stability issues.

Recommendation:

  • Add validation and sanitization checks for moduleNames in the NewAppModule constructor and any other relevant methods where moduleNames is used.

Locations to address:

  • x/move/module.go (NewAppModule constructor and InitGenesis method)
  • x/move/types/authz.go (NewPublishAuthorization method)
  • x/move/keeper/genesis.go (InitGenesis method)
Analysis chain

Line range hint 93-122: The NewAppModule constructor now initializes the moduleNames field. Ensure that the moduleNames are properly sanitized and validated where they are used, as they directly impact module behavior.

Scripts executed

The following scripts were executed for the analysis:


Script:

#!/bin/bash
# Description: Verify that moduleNames are sanitized and validated in all usages.

# Test: Search for usages of moduleNames and check for validation or sanitization.
rg --type go $'moduleNames' -A 10 | grep 'validate\|sanitize'

Length of output: 60



Script:

#!/bin/bash
# Description: Find all occurrences of `moduleNames` in the codebase and inspect their context.

# Find all files containing `moduleNames`
rg --type go --files-with-matches 'moduleNames' | while read -r file; do
  echo "File: $file"
  # Display lines containing `moduleNames` with 5 lines of context
  rg --type go 'moduleNames' -C 5 "$file"
done

Length of output: 3687

x/move/keeper/api_test.go (1)

Line range hint 35-64: Updated test cases in Test_GetAccountInfo effectively test the new is_blocked functionality. Ensure that additional edge cases, such as accounts transitioning between blocked and unblocked states, are also tested to cover all possible scenarios.

Would you like me to help you design these additional test cases?

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between d5dd63d and e02cb4a.

Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum, !**/*.sum
Files selected for processing (7)
  • app/app.go (2 hunks)
  • x/move/keeper/api.go (2 hunks)
  • x/move/keeper/api_test.go (5 hunks)
  • x/move/keeper/bank.go (2 hunks)
  • x/move/keeper/genesis.go (2 hunks)
  • x/move/module.go (3 hunks)
  • x/move/types/connector.go (2 hunks)
Additional comments not posted (5)
x/move/keeper/api.go (1)

Line range hint 33-54: The updated GetAccountInfo method now includes an is_blocked return value. Ensure that all calls to this method across the codebase are updated to handle this new return value.

Verification successful

All instances of GetAccountInfo across the codebase, including in x/move/keeper/api_test.go, correctly handle the new is_blocked return value.

  • x/move/keeper/api_test.go: All calls to GetAccountInfo handle the is_blocked return value, either by assigning it to a variable or ignoring it with an underscore.
Scripts executed

The following scripts were executed for the analysis:


Script:

#!/bin/bash
# Description: Verify all function calls to `GetAccountInfo` handle the new return value.

# Test: Search for the function usage. Expect: Only occurances of the new signature.
rg --type go $'GetAccountInfo'

Length of output: 872



Script:

#!/bin/bash
# Description: Verify all function calls to `GetAccountInfo` handle the new return value across the entire codebase.

# Test: Search for the function usage. Expect: Only occurrences of the new signature.
rg --type go 'GetAccountInfo'

Length of output: 872

x/move/keeper/bank.go (2)

450-450: Ensure the function name reflects the new capabilities.

The renaming of FunctionNameManagedCoinMint to FunctionNameManagedCoinSudoMint clarifies the escalated privileges required for this operation.


523-531: Verify the new function call parameters for correctness.

The addition of an explicit address list and a boolean flag in the executeEntryFunction call must be validated to ensure it aligns with the intended security model and functionality. Please verify that the new parameters ([]vmtypes.AccountAddress{vmtypes.StdAddress, fromVmAddr} and false) are used correctly across all invocations.

Verification successful

The function executeEntryFunction is invoked in two files with different parameters:

  • In x/move/keeper/bank.go, the parameters include an explicit address list []vmtypes.AccountAddress{vmtypes.StdAddress, fromVmAddr} and the boolean flag false.
  • In x/move/keeper/handler.go, the parameters include []vmtypes.AccountAddress{sender}.

The review comment specifically mentioned verifying the correctness of the new parameters introduced in x/move/keeper/bank.go. Given the different parameters used in x/move/keeper/handler.go, it is crucial to ensure that the new parameters in x/move/keeper/bank.go align with the intended security model and functionality.

Key Points to Verify:

  • The explicit address list []vmtypes.AccountAddress{vmtypes.StdAddress, fromVmAddr}.
  • The boolean flag false.

Next Steps:

  • Verify the context and intended usage of these parameters in x/move/keeper/bank.go.
  • Ensure that the new parameters do not introduce security vulnerabilities or functional issues.

The extracted context around the invocation in x/move/keeper/bank.go shows the preparation of parameters before calling executeEntryFunction. The new parameters include an explicit address list and a boolean flag. Based on the context, the parameters appear to be correctly set up and used as intended.

Key Points:

  • The explicit address list []vmtypes.AccountAddress{vmtypes.StdAddress, fromVmAddr} is constructed using vmtypes.StdAddress and fromVmAddr.
  • The boolean flag false is passed as the last argument.

Given the context and the parameters' setup, it seems that the new parameters align with the intended security model and functionality.

  • x/move/keeper/bank.go: The address list and boolean flag are correctly used in the invocation of executeEntryFunction.
Scripts executed

The following scripts were executed for the analysis:


Script:

#!/bin/bash
# Description: Verify correct usage of the new `executeEntryFunction` parameters in the codebase.

# Test: Search for the function usage. Expect: Only occurances with the correct parameters.
rg --type go $'executeEntryFunction'

Length of output: 266



Script:

#!/bin/bash
# Extract lines containing the invocations of `executeEntryFunction` in the specified files to verify the parameters.

# Extract from x/move/keeper/bank.go
rg -A 5 'executeEntryFunction' x/move/keeper/bank.go

# Extract from x/move/keeper/handler.go
rg -A 5 'executeEntryFunction' x/move/keeper/handler.go

Length of output: 712



Script:

#!/bin/bash
# Extract additional context around the invocation in x/move/keeper/bank.go to verify the intended usage and correctness of the parameters.

# Extract 10 lines before and after the invocation of executeEntryFunction in x/move/keeper/bank.go
rg -C 10 'executeEntryFunction' x/move/keeper/bank.go

Length of output: 513

x/move/types/connector.go (1)

31-31: Clarification of function purpose through naming.

Renaming FunctionNameManagedCoinMint to FunctionNameManagedCoinSudoMint provides a clearer indication of the function's elevated privilege requirements.

app/app.go (1)

15-15: Ensure that the new import "golang.org/x/exp/maps" is used effectively in the code.

This import is used to leverage the maps.Keys function in the move.NewAppModule call, which is a valid use case. Just ensure that this library is maintained and compatible with your project's Go version to avoid future issues.

Comment on lines +61 to +66
func (k Keeper) InitGenesis(ctx context.Context, moduleNames []string, genState types.GenesisState) error {
// create all module addresses
sort.StringSlice(moduleNames).Sort()
for _, moduleName := range moduleNames {
k.authKeeper.GetModuleAccount(ctx, moduleName)
}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tip

Codebase Verification

The search did not reveal any validation logic for moduleNames before they are used in the InitGenesis function. This indicates a potential issue with the code.

  • Ensure that moduleNames are properly validated before use to avoid potential errors from malformed names.

Category:

Analysis chain

The InitGenesis function has been modified to accept a moduleNames parameter which is sorted and used to retrieve module accounts. Ensure that the moduleNames are properly validated before use to avoid potential errors from malformed names.

Scripts executed

The following scripts were executed for the analysis:


Script:

#!/bin/bash
# Description: Verify that moduleNames are validated before being used in InitGenesis.

# Test: Search for validation logic related to moduleNames.
rg --type go $'moduleNames' -A 10 | grep 'validate'

Length of output: 48



Script:

#!/bin/bash
# Description: Check for validation logic for moduleNames in the entire codebase.

# Search for validation function definitions and usages related to moduleNames.
rg --type go 'func validate' -A 10
rg --type go 'validate(moduleNames)'

Length of output: 14551

Comment on lines +40 to +44
FunctionNameCoinBalance = "balance"
FunctionNameCoinRegister = "register"
FunctionNameCoinTransfer = "transfer"
FunctionNameCoinSudoTransfer = "sudo_transfer"
FunctionNameCoinWhitelist = "whitelist"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tip

Codebase Verification

The context around the identified lines in both x/move/types/connector.go and benchmark/app_test.go shows that FunctionNameCoinTransfer is still defined and used. This indicates that the renaming to FunctionNameCoinSudoTransfer might be incomplete or inconsistent.

  • x/move/types/connector.go (line 42): FunctionNameCoinTransfer is defined alongside FunctionNameCoinSudoTransfer.
  • benchmark/app_test.go (line 147): FunctionNameCoinTransfer is used in a test case.

This confirms that the renaming process has not been fully propagated across the codebase.

  • x/move/types/connector.go: Line 42
  • benchmark/app_test.go: Line 147

Please ensure that all instances of FunctionNameCoinTransfer are updated to FunctionNameCoinSudoTransfer where appropriate to maintain consistency.

Analysis chain

Ensure consistency in function naming conventions.

The renaming of FunctionNameCoinTransfer to FunctionNameCoinSudoTransfer suggests a similar elevation in privilege requirements as seen with the managed coin functions. Confirm that all related function calls across the codebase have been updated to reflect these changes.

Scripts executed

The following scripts were executed for the analysis:


Script:

#!/bin/bash
# Description: Check for consistent usage of renamed coin functions.

# Test: Search for old function names to ensure they are no longer used.
rg --type go $'FunctionNameCoinTransfer'

Length of output: 183



Script:

#!/bin/bash
# Check the context and usage of FunctionNameCoinTransfer in the identified files.

# Extract relevant lines from x/move/types/connector.go
rg --type go --line-number 'FunctionNameCoinTransfer' x/move/types/connector.go

# Extract relevant lines from benchmark/app_test.go
rg --type go --line-number 'FunctionNameCoinTransfer' benchmark/app_test.go

Length of output: 258



Script:

#!/bin/bash
# Extract surrounding lines for context in the identified files.

# Extract lines around the definition in x/move/types/connector.go
rg --type go --context 5 --line-number 'FunctionNameCoinTransfer' x/move/types/connector.go

# Extract lines around the usage in benchmark/app_test.go
rg --type go --context 5 --line-number 'FunctionNameCoinTransfer' benchmark/app_test.go

Length of output: 1039

Copy link
Contributor

@sh-cha sh-cha left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@beer-1 beer-1 merged commit 43cfa4a into main Jun 20, 2024
3 of 4 checks passed
@beer-1 beer-1 deleted the feat/blocked-addrs branch June 20, 2024 06:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants