feat(security-ante): Add an authz guard to disable authz Ethereum txs and provide additional security around the default functionality exposed by the module. #1915
Labels
x: evm
Relates to Nibiru EVM or the EVM Module
Abstract
I mentioned some concerns around the security of `x/authz` in the 2024-06-05 engineering standup.
References:
Context
I was curious about permissions code related to Interchain Accounts (ICA) and its security conditions surrounding authorization. I noticed on Osmosis and a few other blockchains, the developers seemed apprehensive to include all messages as permissible for `x/authz`, or at least, many developers seemed to put a lot of thought into which ones should be viable.
For context, the "x/authz" (short for authorization) Cosmos-SDK module allows one account, the granter, to grant arbitrary privileges to another account, the grantee, on a TxMsg-wise basis. For example, the granter can allow the grantee to send funds from the granter's balance up to a certain spending limit, restricted to an optional allowlist of recipient addresses.
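An added example, not code from this issue or from the Nibiru code base: a self-contained Go model of the kind of guard the title describes. It rejects a tx that wraps an Ethereum tx in MsgExec at any nesting depth, or that grants authority over one. The `Msg` type, the denylist and the Ethereum tx type URL are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Msg is a simplified stand-in for an sdk.Msg (hypothetical model, not SDK types).
type Msg struct {
	TypeURL string
	Inner   []Msg  // wrapped messages, set only for MsgExec
	GrantOf string // type URL being authorized, set only for MsgGrant
}

const (
	execURL  = "/cosmos.authz.v1beta1.MsgExec"
	grantURL = "/cosmos.authz.v1beta1.MsgGrant"
	ethTxURL = "/eth.evm.v1.MsgEthereumTx" // assumed type URL for illustration
)

// disabled is an assumed denylist of type URLs that authz may not execute or grant.
var disabled = map[string]bool{ethTxURL: true}

var ErrDisabled = errors.New("authz: message type disabled")

// CheckAuthz rejects a tx that wraps a disabled message in MsgExec at any
// depth, or that grants authority over a disabled message type.
func CheckAuthz(msgs []Msg) error { return check(msgs, false) }

func check(msgs []Msg, nested bool) error {
	for _, m := range msgs {
		switch {
		case m.TypeURL == execURL: // recurse: MsgExec may wrap another MsgExec
			if err := check(m.Inner, true); err != nil {
				return err
			}
		case m.TypeURL == grantURL && disabled[m.GrantOf]:
			return fmt.Errorf("%w: grant of %s", ErrDisabled, m.GrantOf)
		case nested && disabled[m.TypeURL]: // only blocked when run through authz
			return fmt.Errorf("%w: %s", ErrDisabled, m.TypeURL)
		}
	}
	return nil
}

func main() {
	tx := []Msg{{TypeURL: execURL, Inner: []Msg{{TypeURL: ethTxURL}}}} // constructed sample
	fmt.Println(CheckAuthz(tx))
}
```

A directly signed Ethereum tx passes the check; only the authz paths (execution through MsgExec and a grant over the type) are refused.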