Nibiru Chain: The breakthrough smart contract platform ushering in the next era of money. Nibiru powers an ecosystem of dApps including perps, RWAs, and more.
feat(security-ante): Add an authz guard to disable authz Ethereum txs and provide additional security around the default functionality exposed by the module. #1915
I was curious about permissions code related to Interchain Accounts (ICA) and its
security conditions surrounding authorization. I noticed on Osmosis and a few
other blockchains, the developers seemed apprehensive to include all messages as
permissible for x/authz, or at least, many developers seemed to put a lot of
thought into which ones should be viable.
For context, the "x/authz" (short for authorization) Cosmos-SDK module allows one account, the granter, to grant arbitrary privileges to another account, the grantee, on a TxMsg-wise basis. For example, the granter can allow the grantee to send funds from the granter's balance up to a certain spending limit, restricted to an optional allowlist of recipient addresses.
"As we see more and more Cosmos based chains rolling out the “AuthZ” module we
think it is important to have a larger debate on the potential security breach
it can cause to unaware users. It is even more important to be proactive right
here in the Hub because we also have the Liquid Staking Module module (LSM)
which can further fuel the fire if combined with malicious AuthZ usage. As we
wait to get an appropriate response from wallet providers introducing visible
warnings on potential risky transactions approval, we need to have our
community informed of both the wonders and the dangers that come along with
this module."
Abstract
I mentioned some concerns around the security of
x/authz
in the 2024-06-05 engineering standup.References:
Context
I was curious about permissions code related to Interchain Accounts (ICA) and its security conditions surrounding authorization. I noticed on Osmosis and a few other blockchains, the developers seemed apprehensive to include all messages as permissible for
x/authz
, or at least, many developers seemed to put a lot of thought into which ones should be viable.For context, the "x/authz" (short for authorization) Cosmos-SDK module allows one account, the granter, to grant arbitrary privileges to another account, the grantee, on a TxMsg-wise basis. For example, the granter can allow the grantee to send funds from the granter's balance up to a certain spending limit, restricted to an optional allowlist of recipient addresses.