NibiruChain / nibiru

Nibiru Chain: The breakthrough smart contract platform ushering in the next era of money. Nibiru powers an ecosystem of dApps including perps, RWAs, and more.
https://nibiru.fi
Apache License 2.0

feat(security-ante): Add an authz guard to disable authz Ethereum txs and provide additional security around the default functionality exposed by the module. #1915

Open Unique-Divine opened 1 month ago

Unique-Divine commented 1 month ago

Abstract

I mentioned some concerns around the security of x/authz in the 2024-06-05 engineering standup.

References:

  1. Govmos. 2024. AuthZ module: Education on the risks is needed! - Cosmos Hub Forum
  2. Osmosis V12 ICA message updates

Context

I was curious about permissions code related to Interchain Accounts (ICA) and its security conditions surrounding authorization. I noticed that on Osmosis and a few other blockchains, the developers seemed apprehensive about including all messages as permissible for x/authz, or at least, many developers seemed to put a lot of thought into which ones should be viable.

For context, the "x/authz" (short for authorization) Cosmos-SDK module allows one account, the granter, to grant arbitrary privileges to another account, the grantee, on a per-TxMsg-type basis. For example, the granter can allow the grantee to send funds from the granter's balance up to a certain spending limit, restricted to an optional allowlist of recipient addresses. Each grant is scoped to one message type, and the grantee exercises it by submitting a `MsgExec` that wraps the delegated message; the module checks the wrapped message against the grant before it is run with the granter's authority.
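To make the grant semantics concrete, here is a small self-contained model of the "send with spending limit and recipient allowlist" case described above. This is an added illustration written for this issue, not code from the Cosmos SDK or from Nibiru: the `SendGrant`, `MsgSend` and `Coin` types, the denom `unibi`, and the account names are constructed stand-ins. It mirrors the shape of the SDK's `Accept` check (reject on wrong granter or grantee, wrong denom, disallowed recipient, or over-limit amount; debit the remaining limit on success and flag the grant for deletion once the limit is exhausted).

```go
package main

import (
	"errors"
	"fmt"
)

// Coin is a minimal stand-in for an sdk.Coin (constructed for this example).
type Coin struct {
	Denom  string
	Amount int64
}

// MsgSend models the bank transfer message a grantee would wrap in MsgExec.
type MsgSend struct {
	From   string // must equal the granter for the grant to apply
	To     string
	Amount Coin
}

// SendGrant models a granter's authorization for the send message type:
// a remaining spend limit and an optional allowlist of recipients.
type SendGrant struct {
	Granter   string
	Grantee   string
	SpendLeft Coin
	AllowList map[string]bool // nil means any recipient is permitted
}

// Errors a verifier or auditor would want to see distinctly in logs.
var (
	ErrNotGrantee    = errors.New("signer is not the grantee of this grant")
	ErrNotGranter    = errors.New("message sender is not the granter")
	ErrDenom         = errors.New("denom does not match the spend limit")
	ErrRecipient     = errors.New("recipient is not on the allowlist")
	ErrOverLimit     = errors.New("amount exceeds remaining spend limit")
	ErrNonPositive   = errors.New("amount must be positive")
)

// Accept checks msg, submitted by signer, against the grant. On success it
// debits the remaining limit and reports whether the grant is now exhausted
// (and should be deleted), following the SDK's Accept result shape.
func (g *SendGrant) Accept(signer string, msg MsgSend) (remaining Coin, exhausted bool, err error) {
	if signer != g.Grantee {
		return g.SpendLeft, false, ErrNotGrantee
	}
	if msg.From != g.Granter {
		return g.SpendLeft, false, ErrNotGranter
	}
	if msg.Amount.Denom != g.SpendLeft.Denom {
		return g.SpendLeft, false, ErrDenom
	}
	if msg.Amount.Amount <= 0 {
		return g.SpendLeft, false, ErrNonPositive
	}
	if g.AllowList != nil && !g.AllowList[msg.To] {
		return g.SpendLeft, false, ErrRecipient
	}
	if msg.Amount.Amount > g.SpendLeft.Amount {
		return g.SpendLeft, false, ErrOverLimit
	}
	g.SpendLeft.Amount -= msg.Amount.Amount
	return g.SpendLeft, g.SpendLeft.Amount == 0, nil
}

// NewSendGrant builds a grant; allow may be nil for "any recipient".
func NewSendGrant(granter, grantee string, limit Coin, allow []string) *SendGrant {
	var set map[string]bool
	if allow != nil {
		set = make(map[string]bool, len(allow))
		for _, a := range allow {
			set[a] = true
		}
	}
	return &SendGrant{Granter: granter, Grantee: grantee, SpendLeft: limit, AllowList: set}
}

func main() {
	// Constructed scenario: alice lets bob spend up to 100unibi, only to carol.
	g := NewSendGrant("alice", "bob", Coin{"unibi", 100}, []string{"carol"})
	msgs := []MsgSend{
		{"alice", "carol", Coin{"unibi", 60}}, // ok, 40 left
		{"alice", "dave", Coin{"unibi", 10}},  // rejected: not on allowlist
		{"alice", "carol", Coin{"unibi", 50}}, // rejected: over limit
		{"alice", "carol", Coin{"unibi", 40}}, // ok, limit exhausted
	}
	for _, m := range msgs {
		rem, done, err := g.Accept("bob", m)
		fmt.Printf("to=%s amt=%d -> remaining=%d exhausted=%v err=%v\n",
			m.To, m.Amount.Amount, rem.Amount, done, err)
	}
}
```

The ordering of the checks matters for the risk the issue raises: a message whose `From` is not the granter must be rejected before any limit accounting, otherwise a grantee could use the grant as a shield for moving someone else's funds through `MsgExec`.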

"As we see more and more Cosmos-based chains rolling out the “AuthZ” module we think it is important to have a larger debate on the potential security breach it can cause to unaware users. It is even more important to be proactive right here in the Hub because we also have the Liquid Staking Module (LSM) which can further fuel the fire if combined with malicious AuthZ usage. As we wait to get an appropriate response from wallet providers introducing visible warnings on potential risky transactions approval, we need to have our community informed of both the wonders and the dangers that come along with this module."