feat: liquidstaking module

Makefile

@@ -39,6 +39,7 @@ PROJECT := canto
 DOCKER_IMAGE := $(NAMESPACE)/$(PROJECT)
 COMMIT_HASH := $(shell git rev-parse --short=7 HEAD)
 DOCKER_TAG := $(COMMIT_HASH)
+REPO=github.com/Canto-Network/Canto/v7
 
 export GO111MODULE = on
 
@@ -93,6 +94,9 @@ ldflags = -X github.com/cosmos/cosmos-sdk/version.Name=canto \
           -X "github.com/cosmos/cosmos-sdk/version.BuildTags=$(build_tags_comma_sep)" \
           -X github.com/tendermint/tendermint/version.TMCoreSemVer=$(TMVERSION)
 
+testing_ldflags = -X github.com/Canto-Network/Canto/v7/app.enableAdvanceEpoch=true \
+				  -X github.com/Canto-Network/Canto/v7/app.epochPerBlock=5
+
 # DB backend selection
 ifeq (cleveldb,$(findstring cleveldb,$(COSMOS_BUILD_OPTIONS)))
   ldflags += -X github.com/cosmos/cosmos-sdk/types.DBBackend=cleveldb
@@ -124,6 +128,8 @@ ifeq (,$(findstring nostrip,$(COSMOS_BUILD_OPTIONS)))
   BUILD_FLAGS += -trimpath
 endif
 
+TESTING_BUILD_FLAGS := -tags "$(build_tags)" -ldflags '$(testing_ldflags) $(ldflags)'  -trimpath
+
 # # The below include contains the tools and runsim targets.
 # include contrib/devtools/Makefile
 
@@ -140,6 +146,9 @@ build-linux:
 $(BUILD_TARGETS): go.sum $(BUILDDIR)/
 	go $@ $(BUILD_FLAGS) $(BUILD_ARGS) ./...
 
+install-testing: go.sum
+	go install $(TESTING_BUILD_FLAGS) ./...
+
 $(BUILDDIR)/:
 	mkdir -p $(BUILDDIR)/
 

app/ante/cosmos/authz.go

@@ -24,8 +24,8 @@ import (
 	"github.com/cosmos/cosmos-sdk/x/authz"
 )
 
-// maxNestedMsgs defines a cap for the number of nested messages on a MsgExec message
-const maxNestedMsgs = 7
+// MaxNestedMsgs defines a cap for the number of nested messages on a MsgExec message
+const MaxNestedMsgs = 7
 
 // AuthzLimiterDecorator blocks certain msg types from being granted or executed
 // within the authorization module.
@@ -54,10 +54,10 @@ func (ald AuthzLimiterDecorator) AnteHandle(ctx sdk.Context, tx sdk.Tx, simulate
 // Otherwise any msg matching the disabled types are blocked, regardless of being in an authz msg or not.
 //
 // This method is recursive as MsgExec's can wrap other MsgExecs. The check for nested messages is performed up to the
-// maxNestedMsgs threshold. If there are more than that limit, it returns an error
+// MaxNestedMsgs threshold. If there are more than that limit, it returns an error
 func (ald AuthzLimiterDecorator) checkDisabledMsgs(msgs []sdk.Msg, isAuthzInnerMsg bool, nestedLvl int) error {
-	if nestedLvl >= maxNestedMsgs {
-		return fmt.Errorf("found more nested msgs than permited. Limit is : %d", maxNestedMsgs)
+	if nestedLvl >= MaxNestedMsgs {
+		return fmt.Errorf("found more nested msgs than permited. Limit is : %d", MaxNestedMsgs)
 	}
 	for _, msg := range msgs {
 		switch msg := msg.(type) {

app/ante/handler_options.go

@@ -1,13 +1,16 @@
 package ante
 
 import (
+	liquidstakingkeeper "github.com/Canto-Network/Canto/v7/x/liquidstaking/keeper"
 	"github.com/cosmos/cosmos-sdk/codec"
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
 	"github.com/cosmos/cosmos-sdk/types/tx/signing"
 	"github.com/cosmos/cosmos-sdk/x/auth/ante"
 	authsigning "github.com/cosmos/cosmos-sdk/x/auth/signing"
 	authtypes "github.com/cosmos/cosmos-sdk/x/auth/types"
+	slashingkeeper "github.com/cosmos/cosmos-sdk/x/slashing/keeper"
+	stakingkeeper "github.com/cosmos/cosmos-sdk/x/staking/keeper"
 	ibcante "github.com/cosmos/ibc-go/v3/modules/core/ante"
 	ibckeeper "github.com/cosmos/ibc-go/v3/modules/core/keeper"
 
@@ -21,17 +24,20 @@ import (
 // HandlerOptions defines the list of module keepers required to run the canto
 // AnteHandler decorators.
 type HandlerOptions struct {
-	AccountKeeper   evmtypes.AccountKeeper
-	BankKeeper      evmtypes.BankKeeper
-	IBCKeeper       *ibckeeper.Keeper
-	FeeMarketKeeper evmtypes.FeeMarketKeeper
-	EvmKeeper       ethante.EVMKeeper
-	FeegrantKeeper  ante.FeegrantKeeper
-	SignModeHandler authsigning.SignModeHandler
-	SigGasConsumer  func(meter sdk.GasMeter, sig signing.SignatureV2, params authtypes.Params) error
-	Cdc             codec.BinaryCodec
-	MaxTxGasWanted  uint64
-	Simulation      bool
+	AccountKeeper       evmtypes.AccountKeeper
+	BankKeeper          evmtypes.BankKeeper
+	IBCKeeper           *ibckeeper.Keeper
+	FeeMarketKeeper     evmtypes.FeeMarketKeeper
+	StakingKeeper       *stakingkeeper.Keeper
+	SlashingKeeper      *slashingkeeper.Keeper
+	EvmKeeper           ethante.EVMKeeper
+	FeegrantKeeper      ante.FeegrantKeeper
+	LiquidStakingKeeper *liquidstakingkeeper.Keeper
+	SignModeHandler     authsigning.SignModeHandler
+	SigGasConsumer      func(meter sdk.GasMeter, sig signing.SignatureV2, params authtypes.Params) error
+	Cdc                 codec.BinaryCodec
+	MaxTxGasWanted      uint64
+	Simulation          bool
 }
 
 // Validate checks if the keepers are defined
@@ -42,6 +48,9 @@ func (options HandlerOptions) Validate() error {
 	if options.BankKeeper == nil {
 		return sdkerrors.Wrap(sdkerrors.ErrLogic, "bank keeper is required for AnteHandler")
 	}
+	if options.SlashingKeeper == nil {
+		return sdkerrors.Wrap(sdkerrors.ErrLogic, "slashing keeper is required for AnteHandler")
+	}
 	if options.SignModeHandler == nil {
 		return sdkerrors.Wrap(sdkerrors.ErrLogic, "sign mode handler is required for ante builder")
 	}
@@ -87,6 +96,8 @@ func newCosmosAnteHandler(options HandlerOptions) sdk.AnteHandler {
 		ante.NewTxTimeoutHeightDecorator(),
 		ante.NewValidateMemoDecorator(options.AccountKeeper),
 		ante.NewConsumeGasForTxSizeDecorator(options.AccountKeeper),
+		NewValCommissionChangeLimitDecorator(options.LiquidStakingKeeper, options.StakingKeeper, options.Cdc),
+		NewParamChangeLimitDecorator(options.SlashingKeeper, options.Cdc),
 		ante.NewDeductFeeDecorator(options.AccountKeeper, options.BankKeeper, options.FeegrantKeeper),
 		NewValidatorCommissionDecorator(options.Cdc),
 		// SetPubKeyDecorator must be called before all signature verification decorators
@@ -116,6 +127,7 @@ func newCosmosSimulationAnteHandler(options HandlerOptions) sdk.AnteHandler {
 		ante.NewTxTimeoutHeightDecorator(),
 		ante.NewValidateMemoDecorator(options.AccountKeeper),
 		ante.NewConsumeGasForTxSizeDecorator(options.AccountKeeper),
+		//NewValCommissionChangeLimitDecorator(options.LiquidStakingKeeper, options.StakingKeeper, options.Cdc),
 		// NewParamChangeLimitDecorator(options.SlashingKeeper, options.Cdc),
 		ante.NewDeductFeeDecorator(options.AccountKeeper, options.BankKeeper, options.FeegrantKeeper),
 		// NewValidatorCommissionDecorator(options.Cdc),
@@ -144,6 +156,8 @@ func newCosmosAnteHandlerEip712(options HandlerOptions) sdk.AnteHandler {
 		ante.NewTxTimeoutHeightDecorator(),
 		ante.NewValidateMemoDecorator(options.AccountKeeper),
 		ante.NewConsumeGasForTxSizeDecorator(options.AccountKeeper),
+		NewValCommissionChangeLimitDecorator(options.LiquidStakingKeeper, options.StakingKeeper, options.Cdc),
+		NewParamChangeLimitDecorator(options.SlashingKeeper, options.Cdc),
 		ante.NewDeductFeeDecorator(options.AccountKeeper, options.BankKeeper, options.FeegrantKeeper),
 		NewValidatorCommissionDecorator(options.Cdc),
 		// SetPubKeyDecorator must be called before all signature verification decorators

app/ante/param_change_ante.go

@@ -0,0 +1,152 @@
+package ante
+
+import (
+	"fmt"
+	"strconv"
+	"time"
+
+	"github.com/cosmos/cosmos-sdk/codec"
+	sdk "github.com/cosmos/cosmos-sdk/types"
+	sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
+	"github.com/cosmos/cosmos-sdk/x/authz"
+	govtypes "github.com/cosmos/cosmos-sdk/x/gov/types"
+	"github.com/cosmos/cosmos-sdk/x/params/types/proposal"
+	slashingkeeper "github.com/cosmos/cosmos-sdk/x/slashing/keeper"
+	slashingtypes "github.com/cosmos/cosmos-sdk/x/slashing/types"
+	stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types"
+
+	authzante "github.com/Canto-Network/Canto/v7/app/ante/cosmos"
+	"github.com/Canto-Network/Canto/v7/types"
+)
+
+// ParamChangeLimitDecorator checks that the params change proposals for slashing and staking modules.
+// The liquidstaking module works closely with the slashing and staking module's params(e.g. MinimumCollateral constant is calculated based on the slashing params).
+// To reduce unexpected risks, it is important to limit the params change proposals for slashing and staking modules.
+type ParamChangeLimitDecorator struct {
+	slashingKeeper *slashingkeeper.Keeper
+	cdc            codec.BinaryCodec
+}
+
+// NewParamChangeLimitDecorator creates a new slashing param change limit decorator.
+func NewParamChangeLimitDecorator(
+	slashingKeeper *slashingkeeper.Keeper,
+	cdc codec.BinaryCodec,
+) ParamChangeLimitDecorator {
+	return ParamChangeLimitDecorator{
+		slashingKeeper: slashingKeeper,
+		cdc:            cdc,
+	}
+}
+
+func (pcld ParamChangeLimitDecorator) AnteHandle(
+	ctx sdk.Context,
+	tx sdk.Tx,
+	simulate bool,
+	next sdk.AnteHandler,
+) (newCtx sdk.Context, err error) {
+	msgs := tx.GetMsgs()
+	if err = pcld.ValidateMsgs(ctx, msgs); err != nil {
+		return ctx, err
+	}
+
+	return next(ctx, tx, simulate)
+}
+
+func (pcld ParamChangeLimitDecorator) ValidateMsgs(ctx sdk.Context, msgs []sdk.Msg) error {
+	var slashingParams slashingtypes.Params
+	var validMsg func(m sdk.Msg, nestedCnt int) error
+	validMsg = func(m sdk.Msg, nestedCnt int) error {
+		if nestedCnt >= authzante.MaxNestedMsgs {
+			return fmt.Errorf("found more nested msgs than permited. Limit is : %d", authzante.MaxNestedMsgs)
+		}
+		switch msg := m.(type) {
+		case *authz.MsgExec:
+			for _, v := range msg.Msgs {
+				var innerMsg sdk.Msg
+				if err := pcld.cdc.UnpackAny(v, &innerMsg); err != nil {
+					return sdkerrors.Wrapf(sdkerrors.ErrUnauthorized, "cannot unmarshal authz exec msgs")
+				}
+				nestedCnt++
+				if err := validMsg(innerMsg, nestedCnt); err != nil {
+					return err
+				}
+			}
+
+		case *govtypes.MsgSubmitProposal:
+			switch c := msg.GetContent().(type) {
+			case *proposal.ParameterChangeProposal:
+				for _, c := range c.Changes {
+					switch c.GetSubspace() {
+					case slashingtypes.ModuleName:
+						slashingParams = pcld.slashingKeeper.GetParams(ctx)
+						switch c.GetKey() {
+						// SignedBlocksWindow, MinSignedPerWindow, DowntimeJailDuration are not allowed to be decreased.
+						// If we decrease these slashingParams, the slashing penalty can be increased.
+						case string(slashingtypes.KeySignedBlocksWindow):
+							window, err := strconv.ParseInt(c.GetValue(), 10, 64)
+							if err != nil {
+								return err
+							}
+							if window < slashingParams.SignedBlocksWindow {
+								return types.ErrInvalidSignedBlocksWindow
+							}
+						case string(slashingtypes.KeyMinSignedPerWindow):
+							minSignedPerWindow, err := sdk.NewDecFromStr(c.GetValue())
+							if err != nil {
+								return err
+							}
+							if minSignedPerWindow.LT(slashingParams.MinSignedPerWindow) {
+								return types.ErrInvalidMinSignedPerWindow
+							}
+						case string(slashingtypes.KeyDowntimeJailDuration):
+							downtimeJailDuration, err := strconv.ParseInt(c.GetValue(), 10, 64)
+							if err != nil {
+								return err
+							}
+							if time.Duration(downtimeJailDuration) < slashingParams.DowntimeJailDuration {
+								return types.ErrInvalidDowntimeJailDuration
+							}
+						// SlashFractionDoubleSign, SlashFractionDowntime are not allowed to be increased.
+						// If we increase these slashingParams, the slashing penalty can be increased.
+						case string(slashingtypes.KeySlashFractionDoubleSign):
+							slashFractionDoubleSign, err := sdk.NewDecFromStr(c.GetValue())
+							if err != nil {
+								return err
+							}
+							if slashFractionDoubleSign.GT(slashingParams.SlashFractionDoubleSign) {
+								return types.ErrInvalidSlashFractionDoubleSign
+							}
+						case string(slashingtypes.KeySlashFractionDowntime):
+							slashFractionDowntime, err := sdk.NewDecFromStr(c.GetValue())
+							if err != nil {
+								return err
+							}
+							if slashFractionDowntime.GT(slashingParams.SlashFractionDowntime) {
+								return types.ErrInvalidSlashFractionDowntime
+							}
+						}
+					case stakingtypes.ModuleName:
+						switch c.GetKey() {
+						case string(stakingtypes.KeyUnbondingTime):
+							return types.ErrChangingUnbondingPeriodForbidden
+						case string(stakingtypes.KeyBondDenom):
+							return types.ErrChangingBondDenomForbidden
+						}
+					}
+				}
+			default:
+				return nil
+			}
+		default:
+			return nil
+		}
+		return nil
+	}
+
+	for _, m := range msgs {
+		if err := validMsg(m, 1); err != nil {
+			return err
+		}
+	}
+	return nil
+}