Merge branch 'main' into releases/v2.0.0

Author: k-yang

.github/issue-labeler-config.yml

@@ -0,0 +1,3 @@
+# Adds the "S-triage" label ot any issue that gets opened.
+S-triage: 
+  - '/.*/' 

.github/workflows/e2e-wasm.yml

@@ -1,4 +1,3 @@
----
 name: CosmWasm e2e tests
 
 on:

.github/workflows/gh-issues.yml

@@ -0,0 +1,38 @@
+name: "Auto-add GH issues to project"
+# Add all issues opened to the issue board for triage and assignment
+# GitHub Org and Project Automation
+# https://www.notion.so/nibiru/GitHub-Org-and-Project-Automation-c771d671109849ee9fda7c8b741cd66a?pvs=4
+
+on:
+  issues:
+    types: ["opened", "labeled"]
+
+permissions:
+  issues: write
+  contents: read
+
+jobs:
+  # https://github.com/actions/add-to-project
+  add-to-project:
+    name: "Add GH ticket to project"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/[email protected]
+        with:
+          project-url: https://github.com/orgs/NibiruChain/projects/8
+          github-token: ${{ secrets.NIBIRU_PM }}
+
+  label-triage:
+    name: "Add GH ticket to project"
+    runs-on: ubuntu-latest
+    # The action comes from the "Activty types" for the "issues" webhook event
+    # https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#issues
+    if: "github.event.action == 'opened'"
+    steps:
+      - uses: github/[email protected]
+        if: join(github.event.issue.labels) == ''
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"
+          configuration-path: ".github/issue-labeler-config.yml"
+          enable-versioned-regex: 0
+          not-before: "2024-05-01T00:00:00Z"

.github/workflows/proto-lint.yml

@@ -22,7 +22,7 @@ jobs:
   #     timeout-minutes: 5
   #     steps:
   #       - uses: actions/checkout@v4
-  #       - uses: bufbuild/buf-setup-action@v1.36.0
+  #       - uses: bufbuild/buf-setup-action@v1.43.0
   #       - uses: bufbuild/buf-lint-action@v1
   #         with:
   #           input: "proto"
@@ -31,7 +31,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: bufbuild/buf-setup-action@v1.36.0
+      - uses: bufbuild/buf-setup-action@v1.43.0
         with:
           github_token: ${{ github.token }}
       - uses: bufbuild/buf-breaking-action@v1

.gitignore

@@ -20,6 +20,7 @@ temp*
 txout.json
 vote.json
 **__pycache**
+scratch-paper.md
 
 ### TypeScript and Friends
 

CHANGELOG.md

@@ -109,14 +109,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - [#2003](https://github.com/NibiruChain/nibiru/pull/2003) - fix(evm): fix FunToken conversions between Cosmos and EVM
 - [#2004](https://github.com/NibiruChain/nibiru/pull/2004) - refactor(evm)!: replace `HexAddr` with `EIP55Addr`
 - [#2006](https://github.com/NibiruChain/nibiru/pull/2006) - test(evm): e2e tests for eth_* endpoints
-- [#2008](https://github.com/NibiruChain/nibiru/pull/2008) - refactor(evm): clean up precompile setups 
+- [#2008](https://github.com/NibiruChain/nibiru/pull/2008) - refactor(evm): clean up precompile setups
 - [#2013](https://github.com/NibiruChain/nibiru/pull/2013) - chore(evm): Set appropriate gas value for the required gas of the "IFunToken.sol" precompile.
 - [#2014](https://github.com/NibiruChain/nibiru/pull/2014) - feat(evm): Emit block bloom event in EndBlock hook.
 - [#2017](https://github.com/NibiruChain/nibiru/pull/2017) - fix(evm): Fix DynamicFeeTx gas cap parameters
 - [#2019](https://github.com/NibiruChain/nibiru/pull/2019) - chore(evm): enabled debug rpc api on localnet.
 - [#2020](https://github.com/NibiruChain/nibiru/pull/2020) - test(evm): e2e tests for debug namespace
 - [#2022](https://github.com/NibiruChain/nibiru/pull/2022) - feat(evm): debug_traceCall method implemented
 - [#2023](https://github.com/NibiruChain/nibiru/pull/2023) - fix(evm)!: adjusted generation and parsing of the block bloom events
+- [#2030](https://github.com/NibiruChain/nibiru/pull/2030) - refactor(eth/rpc): Delete unused code and improve logging in the eth and debug namespaces
+- [#2031](https://github.com/NibiruChain/nibiru/pull/2031) - fix(evm): debug calls with custom tracer and tracer options
+- [#2032](https://github.com/NibiruChain/nibiru/pull/2032) - feat(evm): ante handler to prohibit authz grant evm messages
+- [#2039](https://github.com/NibiruChain/nibiru/pull/2039) - refactor(rpc-backend): remove unnecessary interface code
+- [#2044](https://github.com/NibiruChain/nibiru/pull/2044) - feat(evm): evm tx indexer service implemented
+- [#2045](https://github.com/NibiruChain/nibiru/pull/2045) - test(evm): backend tests with test network and real txs
+- [#2053](https://github.com/NibiruChain/nibiru/pull/2053) - refactor(evm): converted untyped event to typed and cleaned up
+- [#2054](https://github.com/NibiruChain/nibiru/pull/2054) - feat(evm-precompile): Precompile for one-way EVM calls to invoke/execute Wasm contracts. 
+- [#2060](https://github.com/NibiruChain/nibiru/pull/2060) - fix(evm-precompiles): add assertNumArgs validation
+- [#2056](https://github.com/NibiruChain/nibiru/pull/2056) - feat(evm): add oracle precompile
 
 #### Dapp modules: perp, spot, oracle, etc
 
@@ -146,6 +156,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - [#1913](https://github.com/NibiruChain/nibiru/pull/1913) - fix(tests): race condition from heavy Network tests
 - [#1992](https://github.com/NibiruChain/nibiru/pull/1992) - chore: enabled grpc for localnet
 - [#1999](https://github.com/NibiruChain/nibiru/pull/1999) - chore: update nibi go package version to v2
+- [#2050](https://github.com/NibiruChain/nibiru/pull/2050) - refactor(oracle): remove unused code and collapse empty client/cli directory
 
 ### Dependencies
 
@@ -168,7 +179,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Bump `github.com/hashicorp/go-getter` from 1.7.1 to 1.7.5 ([#1858](https://github.com/NibiruChain/nibiru/pull/1858), [#1938](https://github.com/NibiruChain/nibiru/pull/1938))
 - Bump `github.com/btcsuite/btcd` from 0.23.3 to 0.24.0 ([#1862](https://github.com/NibiruChain/nibiru/pull/1862))
 - Bump `pozetroninc/github-action-get-latest-release` from 0.7.0 to 0.8.0 ([#1863](https://github.com/NibiruChain/nibiru/pull/1863))
-- Bump `bufbuild/buf-setup-action` from 1.30.1 to 1.36.0 ([#1891](https://github.com/NibiruChain/nibiru/pull/1891), [#1900](https://github.com/NibiruChain/nibiru/pull/1900), [#1923](https://github.com/NibiruChain/nibiru/pull/1923), [#1972](https://github.com/NibiruChain/nibiru/pull/1972), [#1974](https://github.com/NibiruChain/nibiru/pull/1974), [#1988](https://github.com/NibiruChain/nibiru/pull/1988))
+- Bump `bufbuild/buf-setup-action` from 1.30.1 to 1.43.0 ([#1891](https://github.com/NibiruChain/nibiru/pull/1891), [#1900](https://github.com/NibiruChain/nibiru/pull/1900), [#1923](https://github.com/NibiruChain/nibiru/pull/1923), [#1972](https://github.com/NibiruChain/nibiru/pull/1972), [#1974](https://github.com/NibiruChain/nibiru/pull/1974), [#1988](https://github.com/NibiruChain/nibiru/pull/1988), [#2043](https://github.com/NibiruChain/nibiru/pull/2043), [#2057](https://github.com/NibiruChain/nibiru/pull/2057))
+- Bump `axios` from 1.7.3 to 1.7.4 ([#2016](https://github.com/NibiruChain/nibiru/pull/2016))
 
 ## [v1.5.0](https://github.com/NibiruChain/nibiru/releases/tag/v1.5.0) - 2024-06-21
 

README.md

@@ -28,7 +28,7 @@ If you have questions or concerns, feel free to connect with a developer or comm
 
 | Module                        | Description                                                                                                                                                                                                                              |
 | ----------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| [Wasm][code-x-wasm]           | Implements the execution environment for WebAssembly (WASM) smart contracts. CosmWasm smart contracts are Rust-based, Wasm smart contracts built for enhanced security, performance, and interoperability. See our [CosmWasm sandbox monorepo (cw-nibiru)](https://github.com/NibiruChain/cw-nibiru/tree/main) for the protocol's core smart contracts. |
+| [Wasm][code-x-wasm]           | Implements the execution environment for WebAssembly (WASM) smart contracts. CosmWasm smart contracts are Rust-based, Wasm smart contracts built for enhanced security, performance, and interoperability. See our [CosmWasm sandbox monorepo (nibiru-wasm)](https://github.com/NibiruChain/nibiru-wasm/tree/main) for the protocol's core smart contracts. |
 | [EVM][code-x-evm] | Implements Nibiru EVM, which manages an Ethereum Virtual Machine (EVM) state database and enables the execution of Ethereum smart contracts. Nibiru EVM is an extension of "[geth](https://github.com/ethereum/go-ethereum)" along with "web3" and "eth" JSON-RPC methods. |
 | [Devgas][code-x-devgas]       | The `devgas` module of Nibiru Chain shares contract execution fees with smart contract developers. This aims to increase the adoption of Nibiru by offering CosmWasm smart contract developers a direct source of income based on usage. |
 | [Epochs][code-x-epochs]       | The `epochs` module allows other modules to set hooks to be called to execute code automatically on a period basis. For example, "once a week, starting at UTC-time = x". `epochs` creates a generalized epoch interface.                |

app/ante.go

@@ -62,6 +62,7 @@ func NewAnteHandlerNonEVM(
 ) sdk.AnteHandler {
 	return sdk.ChainAnteDecorators(
 		ante.AnteDecoratorPreventEtheruemTxMsgs{}, // reject MsgEthereumTxs
+		ante.AnteDecoratorAuthzGuard{},            // disable certain messages in authz grant "generic"
 		authante.NewSetUpContextDecorator(),
 		wasmkeeper.NewLimitSimulationGasDecorator(opts.WasmConfig.SimulationGasLimit),
 		wasmkeeper.NewCountTXDecorator(opts.TxCounterStoreKey),

app/ante/auth_grard_test.go

@@ -0,0 +1,138 @@
+package ante_test
+
+import (
+	"time"
+
+	sdkclienttx "github.com/cosmos/cosmos-sdk/client/tx"
+	sdk "github.com/cosmos/cosmos-sdk/types"
+	"github.com/cosmos/cosmos-sdk/x/authz"
+	banktypes "github.com/cosmos/cosmos-sdk/x/bank/types"
+	stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types"
+
+	"github.com/NibiruChain/nibiru/v2/app"
+	"github.com/NibiruChain/nibiru/v2/app/ante"
+	"github.com/NibiruChain/nibiru/v2/x/evm"
+	"github.com/NibiruChain/nibiru/v2/x/evm/evmtest"
+)
+
+func (s *AnteTestSuite) TestAnteDecoratorAuthzGuard() {
+	testCases := []struct {
+		name    string
+		txMsg   func() sdk.Msg
+		wantErr string
+	}{
+		{
+			name: "sad: authz generic grant with evm message",
+			txMsg: func() sdk.Msg {
+				someTime := time.Now()
+				expiryTime := someTime.Add(time.Hour)
+				genericGrant, err := authz.NewGrant(
+					someTime,
+					authz.NewGenericAuthorization(sdk.MsgTypeURL(&evm.MsgEthereumTx{})), &expiryTime,
+				)
+				s.Require().NoError(err)
+				return &authz.MsgGrant{Grant: genericGrant}
+			},
+			wantErr: "not allowed",
+		},
+		{
+			name: "happy: authz generic grant with non evm message",
+			txMsg: func() sdk.Msg {
+				someTime := time.Now()
+				expiryTime := someTime.Add(time.Hour)
+				genericGrant, err := authz.NewGrant(
+					someTime,
+					authz.NewGenericAuthorization(sdk.MsgTypeURL(&stakingtypes.MsgCreateValidator{})), &expiryTime,
+				)
+				s.Require().NoError(err)
+				return &authz.MsgGrant{Grant: genericGrant}
+			},
+			wantErr: "",
+		},
+		{
+			name: "happy: authz non generic grant",
+			txMsg: func() sdk.Msg {
+				someTime := time.Now()
+				expiryTime := someTime.Add(time.Hour)
+				genericGrant, err := authz.NewGrant(
+					someTime,
+					&banktypes.SendAuthorization{},
+					&expiryTime,
+				)
+				s.Require().NoError(err)
+				return &authz.MsgGrant{Grant: genericGrant}
+			},
+			wantErr: "",
+		},
+		{
+			name: "happy: non authz message",
+			txMsg: func() sdk.Msg {
+				return &evm.MsgEthereumTx{}
+			},
+			wantErr: "",
+		},
+		{
+			name: "sad: authz exec with a single evm message",
+			txMsg: func() sdk.Msg {
+				msgExec := authz.NewMsgExec(
+					sdk.AccAddress("nibiuser"),
+					[]sdk.Msg{
+						&evm.MsgEthereumTx{},
+					},
+				)
+				return &msgExec
+			},
+			wantErr: "ExtensionOptionsEthereumTx",
+		},
+		{
+			name: "sad: authz exec with evm message and non evm message",
+			txMsg: func() sdk.Msg {
+				msgExec := authz.NewMsgExec(
+					sdk.AccAddress("nibiuser"),
+					[]sdk.Msg{
+						&banktypes.MsgSend{},
+						&evm.MsgEthereumTx{},
+					},
+				)
+				return &msgExec
+			},
+			wantErr: "ExtensionOptionsEthereumTx",
+		},
+		{
+			name: "happy: authz exec without evm messages",
+			txMsg: func() sdk.Msg {
+				msgExec := authz.NewMsgExec(
+					sdk.AccAddress("nibiuser"),
+					[]sdk.Msg{
+						&banktypes.MsgSend{},
+					},
+				)
+				return &msgExec
+			},
+			wantErr: "",
+		},
+	}
+
+	for _, tc := range testCases {
+		s.Run(tc.name, func() {
+			deps := evmtest.NewTestDeps()
+			anteDec := ante.AnteDecoratorAuthzGuard{}
+
+			encCfg := app.MakeEncodingConfig()
+			txBuilder, err := sdkclienttx.Factory{}.
+				WithChainID(s.ctx.ChainID()).
+				WithTxConfig(encCfg.TxConfig).
+				BuildUnsignedTx(tc.txMsg())
+			s.Require().NoError(err)
+
+			_, err = anteDec.AnteHandle(
+				deps.Ctx, txBuilder.GetTx(), false, evmtest.NextNoOpAnteHandler,
+			)
+			if tc.wantErr != "" {
+				s.Require().ErrorContains(err, tc.wantErr)
+				return
+			}
+			s.Require().NoError(err)
+		})
+	}
+}

app/ante/authz_guard.go

@@ -1,9 +1,67 @@
+// Copyright (c) 2023-2024 Nibi, Inc.
 package ante
 
-// TODO: https://github.com/NibiruChain/nibiru/issues/1915
-// feat(ante): Add an authz guard to disable authz Ethereum txs and provide
-// additional security around the default functionality exposed by the module.
-//
-// Implemenetation Notes
-// UD-NOTE - IsAuthzMessage fn. Use authz import with module name
-// UD-NOTE - Define set of disabled txMsgs
+import (
+	"cosmossdk.io/errors"
+	sdk "github.com/cosmos/cosmos-sdk/types"
+	errortypes "github.com/cosmos/cosmos-sdk/types/errors"
+	"github.com/cosmos/cosmos-sdk/x/authz"
+
+	"github.com/NibiruChain/nibiru/v2/x/evm"
+)
+
+// AnteDecoratorAuthzGuard filters autz messages
+type AnteDecoratorAuthzGuard struct{}
+
+// AnteHandle rejects "authz grant generic --msg-type '/eth.evm.v1.MsgEthereumTx'"
+// Also rejects authz exec tx.json with any MsgEthereumTx inside
+func (rmd AnteDecoratorAuthzGuard) AnteHandle(
+	ctx sdk.Context, tx sdk.Tx, simulate bool, next sdk.AnteHandler,
+) (newCtx sdk.Context, err error) {
+	for _, msg := range tx.GetMsgs() {
+		// Do not allow grant for MsgEthereumTx
+		if msgGrant, ok := msg.(*authz.MsgGrant); ok {
+			if msgGrant.Grant.Authorization == nil {
+				return ctx, errors.Wrapf(
+					errortypes.ErrInvalidType,
+					"grant authorization is missing",
+				)
+			}
+			authorization, err := msgGrant.Grant.GetAuthorization()
+			if err != nil {
+				return ctx, errors.Wrapf(
+					errortypes.ErrInvalidType,
+					"failed unmarshaling generic authorization %s", err,
+				)
+			}
+			if genericAuth, ok := authorization.(*authz.GenericAuthorization); ok {
+				if genericAuth.MsgTypeURL() == sdk.MsgTypeURL(&evm.MsgEthereumTx{}) {
+					return ctx, errors.Wrapf(
+						errortypes.ErrNotSupported,
+						"authz grant generic for msg type %s is not allowed",
+						genericAuth.MsgTypeURL(),
+					)
+				}
+			}
+		}
+		// Also reject MsgEthereumTx in exec
+		if msgExec, ok := msg.(*authz.MsgExec); ok {
+			msgsInExec, err := msgExec.GetMessages()
+			if err != nil {
+				return ctx, errors.Wrapf(
+					errortypes.ErrInvalidType,
+					"failed getting exec messages %s", err,
+				)
+			}
+			for _, msgInExec := range msgsInExec {
+				if _, ok := msgInExec.(*evm.MsgEthereumTx); ok {
+					return ctx, errors.Wrapf(
+						errortypes.ErrInvalidType,
+						"MsgEthereumTx needs to be contained within a tx with 'ExtensionOptionsEthereumTx' option",
+					)
+				}
+			}
+		}
+	}
+	return next(ctx, tx, simulate)
+}