Compare the signer of the normal message and the signer of MsgExcute

CHANGELOG.md

@@ -49,6 +49,7 @@ Ref: https://keepachangelog.com/en/1.0.0/
 * (x/zkauth) [\#1280](https://github.com/Finschia/finschia-sdk/pull/1280) Fetch jwk considering goroutine exit
 
 ### Bug Fixes
+* (x/zkauth) [\#1291](https://github.com/Finschia/finschia-sdk/pull/1291) Compare the signer of the normal message and the signer of MsgExcute
 
 ### Removed
 

x/zkauth/keeper/keeper.go

@@ -52,13 +52,16 @@
 	return ctx.Logger().With("module", fmt.Sprintf("x/%s", types.ModuleName))
 }
 
-func (k Keeper) DispatchMsgs(ctx sdk.Context, msgs []sdk.Msg) ([][]byte, error) {
+func (k Keeper) DispatchMsgs(ctx sdk.Context, msgs []sdk.Msg, author sdk.AccAddress) ([][]byte, error) {
 	results := make([][]byte, 0, len(msgs))
 	for i, msg := range msgs {
 		signers := msg.GetSigners()
 		if len(signers) != 1 {
 			return nil, sdkerrors.ErrInvalidRequest.Wrap("authorization can be given to msg with only one signer")
 		}
+		if !author.Equals(signers[0]) {
+			return nil, sdkerrors.ErrUnauthorized.Wrapf("bad signer; expected %s, got %s", author, signers[0])
+		}
 		if err := msg.ValidateBasic(); err != nil {
 			return nil, err
 		}

x/zkauth/keeper/keeper_test.go

@@ -2,6 +2,7 @@ package keeper_test
 
 import (
 	"context"
+	"encoding/base64"
 	"encoding/json"
 	"net/http"
 	"net/http/httptest"
@@ -81,9 +82,10 @@ func TestDispatchMsgs(t *testing.T) {
 	testApp := testutil.ZkAuthKeeper(t)
 	app, k, ctx := testApp.Simapp, testApp.ZKAuthKeeper, testApp.Ctx
 
-	addrs := simapp.AddTestAddrs(app, ctx, 2, sdk.NewInt(100))
-	fromAddr := addrs[0]
-	toAddr := addrs[1]
+	addrs := simapp.AddTestAddrs(app, ctx, 1, sdk.NewInt(100))
+	fromAddr := sdk.MustAccAddressFromBech32("link1f7j46mgxr3d5tgn3qsnn9ep8j77yr8w4ks0f3lpzz9rhnwja9vcqej33ld")
+	toAddr := addrs[0]
+	err := simapp.FundAccount(app, ctx, fromAddr, sdk.NewCoins(sdk.NewCoin(app.StakingKeeper.BondDenom(ctx), sdk.NewInt(100))))
 
 	newCoins := sdk.NewCoins(sdk.NewInt64Coin("stake", 5))
 
@@ -93,13 +95,27 @@ func TestDispatchMsgs(t *testing.T) {
 		ToAddress:   toAddr.String(),
 	}
 
-	zkAuthSig := types.ZKAuthSignature{}
+	testProofB64 := "eyJwaV9hIjpbIjM0MjM1MjQ3MjQzMDgyMDE5Mzc5NTQyMDUwMjA3MTMyNDg0MTg5OTQ5NjEzODk1OTcxODgxNjk1ODg4Njk5Mzg0MDgyMjI1NjE2MzAiLCI4OTQ1NzMxODIxOTg1NDU0MTcwNDA5MjQ2MjA4MDUxMzYwMzcxNzQ0NjUxOTYwNjg2MjQ5Njg1NjExMDI0NzQ4MjQ5MDk2NjUyNDAwIiwiMSJdLCJwaV9iIjpbWyIxNjE3NzgwNjczNzQ1MTg2MDY3NDk3NTAxNjI1MjExODM3NDU0NDU5NjE5NzcxMDAyNjYzMjAxMTg2MTg4OTM4NDkxMDc3MTU5ODUwIiwiMTAzODU2MDMyMjQzMDc2MDQxMjM5NjI2NzAyMzA3NDcxNDM2NDc2ODAxOTAwNTQzNzU3OTE5NjAxNjYwMTY2NzMyNTcwNjE5ODExNjgiXSxbIjYyMTE1NjA5NTUzMTE1NzgxNDcwMzEzMjAzMTE1MzAyODM5MzgwMDY5MTIyMjAwMTUwODM1MTIxODg2MDI5MzU0MjA4Mjk5MjY1NCIsIjEzODUwMDYzMTA5ODg2MTE3MDcwNzgzMzIxNDk1ODI4MzQ2MTg3ODQ3OTM3OTIyMDMyNTI2NzU3MTU2MDg0MjUzMTU4NTc0NjgyMTYyIl0sWyIxIiwiMCJdXSwicGlfYyI6WyIxMDE0MTM1NTQwNTE1MDg5MzQ1MjY3NTUwMTE4Mjk4MTY1MzY5NDI1MzM0MzMyMjAyNzM1OTgwNTU0NzYxODgyODE4NjU3NDU5MTA4IiwiNDkzMjY5MjI2OTcyOTIyNDQ4NjI1MDI0MDAyMjI4NTQ4NzE1MjYzNTkwNjAzMzA1ODYwNjgwMjI2Nzg4Nzg5NjE2MTU2NTM4MzYiLCIxIl19"
+	testProof, err := base64.StdEncoding.DecodeString(testProofB64)
+	require.NoError(t, err)
+
+	zkAuthSig := types.ZKAuthSignature{
+		ZkAuthInputs: &types.ZKAuthInputs{
+			ProofPoints:  testProof,
+			IssBase64:    "aHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29t",
+			HeaderBase64: "eyJhbGciOiJSUzI1NiIsImtpZCI6ImFkZjVlNzEwZWRmZWJlY2JlZmE5YTYxNDk1NjU0ZDAzYzBiOGVkZjgiLCJ0eXAiOiJKV1QifQ",
+			AddressSeed:  "16929294337693897740349056748881744503581363933815798702166939594477679063350",
+		},
+		MaxBlockHeight: 104,
+	}
 
 	msgs := types.NewMsgExecution([]sdk.Msg{&bankMsg}, zkAuthSig)
 
 	execMsgs, err := msgs.GetMessages()
 	require.NoError(t, err)
-	result, err := k.DispatchMsgs(ctx, execMsgs)
+	// zksigner is assumed to be one
+	zksigner := msgs.GetSigners()[0]
+	result, err := k.DispatchMsgs(ctx, execMsgs, zksigner)
 
 	require.NoError(t, err)
 	require.NotNil(t, result)

x/zkauth/keeper/msg_server.go

@@ -27,7 +27,10 @@ func (k msgServer) Execution(goCtx context.Context, msg *types.MsgExecution) (*t
 		return nil, err
 	}
 
-	results, err := k.DispatchMsgs(ctx, msgs)
+	// zksigner is assumed to be one
+	zksigner := msg.GetSigners()[0]
+
+	results, err := k.DispatchMsgs(ctx, msgs, zksigner)
 	if err != nil {
 		return nil, err
 	}

x/zkauth/keeper/msg_server_test.go

@@ -1,6 +1,7 @@
 package keeper_test
 
 import (
+	"encoding/base64"
 	"testing"
 
 	"github.com/stretchr/testify/require"
@@ -23,16 +24,29 @@ func TestExecution(t *testing.T) {
 	msgServer, app, ctx := setupMsgServer(t)
 	newCoins := sdk.NewCoins(sdk.NewInt64Coin("stake", 5))
 	addrs := simapp.AddTestAddrs(app, ctx, 2, sdk.NewInt(100))
-	fromAddr := addrs[0]
-	toAddr := addrs[1]
+	fromAddr := sdk.MustAccAddressFromBech32("link1f7j46mgxr3d5tgn3qsnn9ep8j77yr8w4ks0f3lpzz9rhnwja9vcqej33ld")
+	toAddr := addrs[0]
+	err := simapp.FundAccount(app, ctx, fromAddr, sdk.NewCoins(sdk.NewCoin(app.StakingKeeper.BondDenom(ctx), sdk.NewInt(100))))
 
 	bankMsg := banktypes.MsgSend{
 		Amount:      newCoins,
 		FromAddress: fromAddr.String(),
 		ToAddress:   toAddr.String(),
 	}
 
-	zkAuthSig := types.ZKAuthSignature{}
+	testProofB64 := "eyJwaV9hIjpbIjM0MjM1MjQ3MjQzMDgyMDE5Mzc5NTQyMDUwMjA3MTMyNDg0MTg5OTQ5NjEzODk1OTcxODgxNjk1ODg4Njk5Mzg0MDgyMjI1NjE2MzAiLCI4OTQ1NzMxODIxOTg1NDU0MTcwNDA5MjQ2MjA4MDUxMzYwMzcxNzQ0NjUxOTYwNjg2MjQ5Njg1NjExMDI0NzQ4MjQ5MDk2NjUyNDAwIiwiMSJdLCJwaV9iIjpbWyIxNjE3NzgwNjczNzQ1MTg2MDY3NDk3NTAxNjI1MjExODM3NDU0NDU5NjE5NzcxMDAyNjYzMjAxMTg2MTg4OTM4NDkxMDc3MTU5ODUwIiwiMTAzODU2MDMyMjQzMDc2MDQxMjM5NjI2NzAyMzA3NDcxNDM2NDc2ODAxOTAwNTQzNzU3OTE5NjAxNjYwMTY2NzMyNTcwNjE5ODExNjgiXSxbIjYyMTE1NjA5NTUzMTE1NzgxNDcwMzEzMjAzMTE1MzAyODM5MzgwMDY5MTIyMjAwMTUwODM1MTIxODg2MDI5MzU0MjA4Mjk5MjY1NCIsIjEzODUwMDYzMTA5ODg2MTE3MDcwNzgzMzIxNDk1ODI4MzQ2MTg3ODQ3OTM3OTIyMDMyNTI2NzU3MTU2MDg0MjUzMTU4NTc0NjgyMTYyIl0sWyIxIiwiMCJdXSwicGlfYyI6WyIxMDE0MTM1NTQwNTE1MDg5MzQ1MjY3NTUwMTE4Mjk4MTY1MzY5NDI1MzM0MzMyMjAyNzM1OTgwNTU0NzYxODgyODE4NjU3NDU5MTA4IiwiNDkzMjY5MjI2OTcyOTIyNDQ4NjI1MDI0MDAyMjI4NTQ4NzE1MjYzNTkwNjAzMzA1ODYwNjgwMjI2Nzg4Nzg5NjE2MTU2NTM4MzYiLCIxIl19"
+	testProof, err := base64.StdEncoding.DecodeString(testProofB64)
+	require.NoError(t, err)
+
+	zkAuthSig := types.ZKAuthSignature{
+		ZkAuthInputs: &types.ZKAuthInputs{
+			ProofPoints:  testProof,
+			IssBase64:    "aHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29t",
+			HeaderBase64: "eyJhbGciOiJSUzI1NiIsImtpZCI6ImFkZjVlNzEwZWRmZWJlY2JlZmE5YTYxNDk1NjU0ZDAzYzBiOGVkZjgiLCJ0eXAiOiJKV1QifQ",
+			AddressSeed:  "16929294337693897740349056748881744503581363933815798702166939594477679063350",
+		},
+		MaxBlockHeight: 104,
+	}
 
 	msgs := types.NewMsgExecution([]sdk.Msg{&bankMsg}, zkAuthSig)