Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
cosmossdk.io/x/feegrant
x/feegrant
This document specifies the fee grant module. For the full ADR, please see Fee Grant ADR-029.
This module allows accounts to grant fee allowances and to use fees from their accounts. Grantees can execute any transaction without the need to maintain sufficient fees.
Grant
is stored in the KVStore to record a grant with full context. Every grant will contain granter
, grantee
and what kind of allowance
is granted. granter
is an account address who is giving permission to grantee
(the beneficiary account address) to pay for some or all of grantee
's transaction fees. allowance
defines what kind of fee allowance (BasicAllowance
or PeriodicAllowance
, see below) is granted to grantee
. allowance
accepts an interface which implements FeeAllowanceI
, encoded as Any
type. There can be only one existing fee grant allowed for a grantee
and granter
, self grants are not allowed.
https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L83-L93
FeeAllowanceI
looks like:
https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/feegrant/fees.go#L9-L32
There are two types of fee allowances present at the moment:
BasicAllowance
PeriodicAllowance
AllowedMsgAllowance
BasicAllowance
is permission for grantee
to use fee from a granter
's account. If any of the spend_limit
or expiration
reaches its limit, the grant will be removed from the state.
https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L15-L28
spend_limit
is the limit of coins that are allowed to be used from the granter
account. If it is empty, it assumes there's no spend limit, grantee
can use any number of available coins from granter
account address before the expiration.
expiration
specifies an optional time when this allowance expires. If the value is left empty, there is no expiry for the grant.
When a grant is created with empty values for spend_limit
and expiration
, it is still a valid grant. It won't restrict the grantee
to use any number of coins from granter
and it won't have any expiration. The only way to restrict the grantee
is by revoking the grant.
PeriodicAllowance
is a repeating fee allowance for the mentioned period, we can mention when the grant can expire as well as when a period can reset. We can also define the maximum number of coins that can be used in a mentioned period of time.
https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L34-L68
basic
is the instance of BasicAllowance
which is optional for periodic fee allowance. If empty, the grant will have no expiration
and no spend_limit
.
period
is the specific period of time, after each period passes, period_can_spend
will be reset.
period_spend_limit
specifies the maximum number of coins that can be spent in the period.
period_can_spend
is the number of coins left to be spent before the period_reset time.
period_reset
keeps track of when a next period reset should happen.
AllowedMsgAllowance
is a fee allowance, it can be any of BasicFeeAllowance
, PeriodicAllowance
but restricted only to the allowed messages mentioned by the granter.
https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L70-L81
allowance
is either BasicAllowance
or PeriodicAllowance
.
allowed_messages
is array of messages allowed to execute the given allowance.
feegrant
module introduces a FeeGranter
flag for CLI for the sake of executing transactions with fee granter. When this flag is set, clientCtx
will append the granter account address for transactions generated through CLI.
https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/cmd.go#L249-L260
https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/tx/tx.go#L109-L109
https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/tx/builder.go#L275-L284
https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/tx/v1beta1/tx.proto#L203-L224
Example cmd:
./simd tx gov submit-proposal --title="Test Proposal" --description="My awesome proposal" --type="Text" --from validator-key --fee-granter=cosmos1xh44hxt7spr67hqaa7nyx5gnutrz5fraw6grxn --chain-id=testnet --fees="10stake"
Fees are deducted from grants in the x/auth
ante handler. To learn more about how ante handlers work, read the Auth Module AnteHandlers Guide.
In order to prevent DoS attacks, using a filtered x/feegrant
incurs gas. The SDK must assure that the grantee
's transactions all conform to the filter set by the granter
. The SDK does this by iterating over the allowed messages in the filter and charging 10 gas per filtered message. The SDK will then iterate over the messages being sent by the grantee
to ensure the messages adhere to the filter, also charging 10 gas per message. The SDK will stop iterating and fail the transaction if it finds a message that does not conform to the filter.
WARNING: The gas is charged against the granted allowance. Ensure your messages conform to the filter, if any, before sending transactions using your allowance.
A queue in the state maintained with the prefix of expiration of the grants and checks them on EndBlock with the current block time for every block to prune.
Fee Allowances are identified by combining Grantee
(the account address of fee allowance grantee) with the Granter
(the account address of fee allowance granter).
Fee allowance grants are stored in the state as follows:
0x00 | grantee_addr_len (1 byte) | grantee_addr_bytes | granter_addr_len (1 byte) | granter_addr_bytes -> ProtocolBuffer(Grant)
https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/feegrant/feegrant.pb.go#L222-L230
Fee Allowances queue items are identified by combining the FeeAllowancePrefixQueue
(i.e., 0x01), expiration
, grantee
(the account address of fee allowance grantee), granter
(the account address of fee allowance granter). Endblocker checks FeeAllowanceQueue
state for the expired grants and prunes them from FeeAllowance
if there are any found.
Fee allowance queue keys are stored in the state as follows:
0x01 | expiration_bytes | grantee_addr_len (1 byte) | grantee_addr_bytes | granter_addr_len (1 byte) | granter_addr_bytes -> EmptyBytes
A fee allowance grant will be created with the MsgGrantAllowance
message.
https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/tx.proto#L25-L39
An allowed grant fee allowance can be removed with the MsgRevokeAllowance
message.
https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/tx.proto#L41-L54
The feegrant module emits the following events:
Type | Attribute Key | Attribute Value |
---|---|---|
message | action | set_feegrant |
message | granter | {granterAddress} |
message | grantee | {granteeAddress} |
Type | Attribute Key | Attribute Value |
---|---|---|
message | action | revoke_feegrant |
message | granter | {granterAddress} |
message | grantee | {granteeAddress} |
Type | Attribute Key | Attribute Value |
---|---|---|
message | action | use_feegrant |
message | granter | {granterAddress} |
message | grantee | {granteeAddress} |
Type | Attribute Key | Attribute Value |
---|---|---|
message | action | prune_feegrant |
message | pruner | {prunerAddress} |
A user can query and interact with the feegrant
module using the CLI.
The query
commands allow users to query feegrant
state.
simd query feegrant --help
The grant
command allows users to query a grant for a given granter-grantee pair.
simd query feegrant grant [granter] [grantee] [flags]
Example:
simd query feegrant grant cosmos1.. cosmos1..
Example Output:
allowance:
'@type': /cosmos.feegrant.v1beta1.BasicAllowance
expiration: null
spend_limit:
- amount: "100"
denom: stake
grantee: cosmos1..
granter: cosmos1..
The grants
command allows users to query all grants for a given grantee.
simd query feegrant grants [grantee] [flags]
Example:
simd query feegrant grants cosmos1..
Example Output:
allowances:
- allowance:
'@type': /cosmos.feegrant.v1beta1.BasicAllowance
expiration: null
spend_limit:
- amount: "100"
denom: stake
grantee: cosmos1..
granter: cosmos1..
pagination:
next_key: null
total: "0"
The tx
commands allow users to interact with the feegrant
module.
simd tx feegrant --help
The grant
command allows users to grant fee allowances to another account. The fee allowance can have an expiration date, a total spend limit, and/or a periodic spend limit.
simd tx feegrant grant [granter] [grantee] [flags]
Example (one-time spend limit):
simd tx feegrant grant cosmos1.. cosmos1.. --spend-limit 100stake
Example (periodic spend limit):
simd tx feegrant grant cosmos1.. cosmos1.. --period 3600 --period-limit 10stake
The revoke
command allows users to revoke a granted fee allowance.
simd tx feegrant revoke [granter] [grantee] [flags]
Example:
simd tx feegrant revoke cosmos1.. cosmos1..
A user can query the feegrant
module using gRPC endpoints.
The Allowance
endpoint allows users to query a granted fee allowance.
cosmos.feegrant.v1beta1.Query/Allowance
Example:
grpcurl -plaintext \
-d '{"grantee":"cosmos1..","granter":"cosmos1.."}' \
localhost:9090 \
cosmos.feegrant.v1beta1.Query/Allowance
Example Output:
{
"allowance": {
"granter": "cosmos1..",
"grantee": "cosmos1..",
"allowance": {"@type":"/cosmos.feegrant.v1beta1.BasicAllowance","spendLimit":[{"denom":"stake","amount":"100"}]}
}
}
The Allowances
endpoint allows users to query all granted fee allowances for a given grantee.
cosmos.feegrant.v1beta1.Query/Allowances
Example:
grpcurl -plaintext \
-d '{"address":"cosmos1.."}' \
localhost:9090 \
cosmos.feegrant.v1beta1.Query/Allowances
Example Output:
{
"allowances": [
{
"granter": "cosmos1..",
"grantee": "cosmos1..",
"allowance": {"@type":"/cosmos.feegrant.v1beta1.BasicAllowance","spendLimit":[{"denom":"stake","amount":"100"}]}
}
],
"pagination": {
"total": "1"
}
}
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.