support for tokens restricted with attributes

CHANGELOG.md

@@ -39,6 +39,7 @@ Ref: https://keepachangelog.com/en/1.0.0/
 
 ### Features
 
+* Add support for tokens restricted marker sends with required attributes [#1256](https://github.com/provenance-io/provenance/issues/1256))
 * Allow markers to be configured to allow forced transfers [#1368](https://github.com/provenance-io/provenance/issues/1368).
 
 ### Improvements

app/app.go

@@ -463,10 +463,6 @@ func New(
 		appCodec, keys[metadatatypes.StoreKey], app.GetSubspace(metadatatypes.ModuleName), app.AccountKeeper, app.AuthzKeeper,
 	)
 
-	app.MarkerKeeper = markerkeeper.NewKeeper(
-		appCodec, keys[markertypes.StoreKey], app.GetSubspace(markertypes.ModuleName), app.AccountKeeper, app.BankKeeper, app.AuthzKeeper, app.FeeGrantKeeper, app.TransferKeeper, keys[banktypes.StoreKey],
-	)
-
 	app.NameKeeper = namekeeper.NewKeeper(
 		appCodec, keys[nametypes.StoreKey], app.GetSubspace(nametypes.ModuleName),
 	)
@@ -475,6 +471,11 @@ func New(
 		appCodec, keys[attributetypes.StoreKey], app.GetSubspace(attributetypes.ModuleName), app.AccountKeeper, app.NameKeeper,
 	)
 
+	app.MarkerKeeper = markerkeeper.NewKeeper(
+		appCodec, keys[markertypes.StoreKey], app.GetSubspace(markertypes.ModuleName), app.AccountKeeper, app.BankKeeper, app.AuthzKeeper, app.FeeGrantKeeper, app.TransferKeeper, app.AttributeKeeper, app.NameKeeper,
+	)
+	app.BankKeeper.SetSendRestrictionsFunc(app.MarkerKeeper.AllowMarkerSend)
+
 	pioMessageRouter := MessageRouterFunc(func(msg sdk.Msg) baseapp.MsgServiceHandler {
 		return pioMsgFeesRouter.Handler(msg)
 	})
@@ -709,6 +710,7 @@ func New(
 		capabilitytypes.ModuleName,
 		authtypes.ModuleName,
 		banktypes.ModuleName,
+		markertypes.ModuleName,
 		distrtypes.ModuleName,
 		stakingtypes.ModuleName,
 		slashingtypes.ModuleName,
@@ -723,7 +725,6 @@ func New(
 		quarantine.ModuleName,
 		sanction.ModuleName,
 
-		markertypes.ModuleName,
 		nametypes.ModuleName,
 		attributetypes.ModuleName,
 		metadatatypes.ModuleName,

app/app_test.go

@@ -114,6 +114,7 @@ func TestExportAppStateAndValidators(t *testing.T) {
 			SupplyFixed:            true,
 			AllowGovernanceControl: true,
 			AllowForcedTransfer:    false,
+			RequiredAttributes:     []string{},
 		}), "adding %q account", denom)
 		markerToAddr[denom] = markerAddr
 	}

cmd/provenanced/cmd/genaccounts.go

@@ -303,7 +303,7 @@ func AddRootDomainAccountCmd(defaultNodeHome string) *cobra.Command {
 // AddGenesisMarkerCmd configures a marker account and adds it to the list of genesis accounts
 func AddGenesisMarkerCmd(defaultNodeHome string) *cobra.Command {
 	cmd := &cobra.Command{
-		Use:   "add-genesis-marker [coin] --manager [address_or_key_name] --access [grant][,[grant]] --escrow [coin][, [coin]] --finalize --activate --type [COIN]",
+		Use:   "add-genesis-marker [coin] --manager [address_or_key_name] --access [grant][,[grant]] --escrow [coin][, [coin]] --finalize --activate --type [COIN] --required-attributes=attr.one,*.attr.two,...",
 		Short: "Adds a marker to genesis.json",
 		Long: `Adds a marker to genesis.json. The provided parameters must specify
 the marker supply and denom as a coin.  A managing account may be added as a key name or address. An accessgrant
@@ -312,7 +312,7 @@ a marker account is activated any unassigned marker supply must be provided as e
 a manager address assigned that can activate the marker after genesis.  Activated markers will have supply invariants
 enforced immediately.  An optional type flag can be provided or the default of COIN will be used.
 `,
-		Example: fmt.Sprintf(`$ %[1]s add-genesis-marker 1000000000funcoins --manager validator --access withdraw --escrow 100funcoins --finalize --type COIN`, version.AppName),
+		Example: fmt.Sprintf(`$ %[1]s add-genesis-marker 1000000000funcoins --manager validator --access withdraw --escrow 100funcoins --finalize --type COIN --required-attributes=attr.one,*.attr.two,...`, version.AppName),
 		Args:    cobra.ExactArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			clientCtx := client.GetClientContextFromCmd(cmd)
@@ -414,6 +414,7 @@ enforced immediately.  An optional type flag can be provided or the default of C
 				newMarkerFlags.SupplyFixed,
 				newMarkerFlags.AllowGovControl,
 				newMarkerFlags.AllowForceTransfer,
+				newMarkerFlags.RequiredAttributes,
 			)
 
 			if err = genAccount.Validate(); err != nil {

docs/proto-docs.md

@@ -1249,6 +1249,7 @@ MarkerAccount holds the marker configuration information in addition to a base a
 | `supply_fixed` | [bool](#bool) |  | A fixed supply will mint additional coin automatically if the total supply decreases below a set value. This may occur if the coin is burned or an account holding the coin is slashed. (default: true) |
 | `allow_governance_control` | [bool](#bool) |  | indicates that governance based control is allowed for this marker |
 | `allow_forced_transfer` | [bool](#bool) |  | Whether an admin can transfer restricted coins from a 3rd-party account without their signature. |
+| `required_attributes` | [string](#string) | repeated | list of required attributes on restricted marker in order to send and receive transfers if sender does not have transfer authority |
 
 
 
@@ -1366,6 +1367,7 @@ AddMarkerProposal defines defines a governance proposal to create a new marker
 | `access_list` | [AccessGrant](#provenance.marker.v1.AccessGrant) | repeated |  |
 | `supply_fixed` | [bool](#bool) |  |  |
 | `allow_governance_control` | [bool](#bool) |  |  |
+| `required_attributes` | [string](#string) | repeated |  |
 
 
 
@@ -1921,6 +1923,7 @@ MsgAddFinalizeActivateMarkerRequest defines the Msg/AddFinalizeActivateMarker re
 | `supply_fixed` | [bool](#bool) |  |  |
 | `allow_governance_control` | [bool](#bool) |  |  |
 | `allow_forced_transfer` | [bool](#bool) |  |  |
+| `required_attributes` | [string](#string) | repeated |  |
 
 
 
@@ -1954,6 +1957,7 @@ MsgAddMarkerRequest defines the Msg/AddMarker request type
 | `supply_fixed` | [bool](#bool) |  |  |
 | `allow_governance_control` | [bool](#bool) |  |  |
 | `allow_forced_transfer` | [bool](#bool) |  |  |
+| `required_attributes` | [string](#string) | repeated |  |
 
 
 

go.mod

@@ -169,7 +169,7 @@ require (
 
 replace github.com/gogo/protobuf => github.com/regen-network/protobuf v1.3.3-alpha.regen.1
 
-replace github.com/cosmos/cosmos-sdk => github.com/provenance-io/cosmos-sdk v0.46.10-pio-1
+replace github.com/cosmos/cosmos-sdk => github.com/provenance-io/cosmos-sdk v0.46.10-pio-3
 
 // use informal system fork of tendermint in the interim until comet is ready. This matches what the SDK is using.
 replace github.com/tendermint/tendermint => github.com/informalsystems/tendermint v0.34.26

go.sum

@@ -1004,8 +1004,8 @@ github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1
 github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/provenance-io/cosmos-sdk v0.46.10-pio-1 h1:IhZz45StdsiyQ8D1cLbo4Ad7mZaMOXK6XBO7hHSBxxg=
-github.com/provenance-io/cosmos-sdk v0.46.10-pio-1/go.mod h1:bBmYwqCTndsFE+QQs2zdIoZ3f86jEi0BmDVm6unmf3k=
+github.com/provenance-io/cosmos-sdk v0.46.10-pio-3 h1:xoDLk++pxKDiPoMb6ch+qNzaIDfnHExJQH4mK6L5FLA=
+github.com/provenance-io/cosmos-sdk v0.46.10-pio-3/go.mod h1:bBmYwqCTndsFE+QQs2zdIoZ3f86jEi0BmDVm6unmf3k=
 github.com/provenance-io/ibc-go/v6 v6.1.0-pio-1 h1:2R9CS/FFGaOoPsdH+/8u+voFNmZqqkD6NuKsmnxMXLo=
 github.com/provenance-io/ibc-go/v6 v6.1.0-pio-1/go.mod h1:CY3zh2HLfetRiW8LY6kVHMATe90Wj/UOoY8T6cuB0is=
 github.com/provenance-io/wasmd v0.30.0-pio-1-rc3 h1:ZZf5LOERilqnr44J3DaD6KrwAY6NIprWvHcogu7FaSA=

internal/handlers/bank_send_restriction_test.go

@@ -0,0 +1,168 @@
+package handlers_test
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	abci "github.com/tendermint/tendermint/abci/types"
+	tmproto "github.com/tendermint/tendermint/proto/tendermint/types"
+
+	cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types"
+	sdksim "github.com/cosmos/cosmos-sdk/simapp"
+	"github.com/cosmos/cosmos-sdk/testutil/testdata"
+	sdk "github.com/cosmos/cosmos-sdk/types"
+	authtypes "github.com/cosmos/cosmos-sdk/x/auth/types"
+	banktypes "github.com/cosmos/cosmos-sdk/x/bank/types"
+
+	piosimapp "github.com/provenance-io/provenance/app"
+	"github.com/provenance-io/provenance/internal/pioconfig"
+	attrtypes "github.com/provenance-io/provenance/x/attribute/types"
+	"github.com/provenance-io/provenance/x/marker/types"
+	markertypes "github.com/provenance-io/provenance/x/marker/types"
+)
+
+func TestBankSend(tt *testing.T) {
+	txFailureCode := uint32(1)
+	pioconfig.SetProvenanceConfig(sdk.DefaultBondDenom, 1) // set denom as stake and floor gas price as 1 stake.
+	priv1, _, addr1 := testdata.KeyTestPubAddr()
+	priv2, _, addr2 := testdata.KeyTestPubAddr()
+	priv3, _, addr3 := testdata.KeyTestPubAddr()
+	acct1 := authtypes.NewBaseAccount(addr1, priv1.PubKey(), 0, 0)
+	acct1Balance := sdk.NewCoins(sdk.NewCoin(sdk.DefaultBondDenom, sdk.NewInt(1000000000)))
+	acct2 := authtypes.NewBaseAccount(addr2, priv2.PubKey(), 1, 0)
+	acct2Balance := sdk.NewCoins(sdk.NewCoin(sdk.DefaultBondDenom, sdk.NewInt(1000000000)))
+	acct3 := authtypes.NewBaseAccount(addr3, priv3.PubKey(), 2, 0)
+
+	app := piosimapp.SetupWithGenesisAccounts(tt, "bank-restriction-testing",
+		[]authtypes.GenesisAccount{acct1, acct2, acct3},
+		banktypes.Balance{Address: addr1.String(), Coins: acct1Balance},
+		banktypes.Balance{Address: addr2.String(), Coins: acct2Balance},
+	)
+	ctx := app.BaseApp.NewContext(false, tmproto.Header{ChainID: "bank-restriction-testing"})
+	app.AccountKeeper.SetParams(ctx, authtypes.DefaultParams())
+
+	require.NoError(tt, app.NameKeeper.SetNameRecord(ctx, "some.kyc.provenance.io", addr1, false))
+	require.NoError(tt, app.AttributeKeeper.SetAttribute(ctx, attrtypes.NewAttribute("some.kyc.provenance.io", acct3.Address, attrtypes.AttributeType_Bytes, []byte{}), addr1))
+
+	nrMarkerDenom := "nonrestrictedmarker"
+	nrMarkerAcct := authtypes.NewBaseAccount(types.MustGetMarkerAddress(nrMarkerDenom), nil, 200, 0)
+	require.NoError(tt, app.MarkerKeeper.AddFinalizeAndActivateMarker(ctx, markertypes.NewMarkerAccount(nrMarkerAcct, sdk.NewInt64Coin(nrMarkerDenom, 10_000), addr1, []markertypes.AccessGrant{{Address: acct1.Address,
+		Permissions: []markertypes.Access{markertypes.Access_Withdraw}}}, markertypes.StatusProposed, markertypes.MarkerType_Coin, true, true, false, []string{})), "")
+
+	restrictedMarkerDenom := "restrictedmarker"
+	rMarkerAcct := authtypes.NewBaseAccount(types.MustGetMarkerAddress(restrictedMarkerDenom), nil, 300, 0)
+	require.NoError(tt, app.MarkerKeeper.AddFinalizeAndActivateMarker(ctx, markertypes.NewMarkerAccount(rMarkerAcct, sdk.NewInt64Coin(restrictedMarkerDenom, 10_000), addr1, []markertypes.AccessGrant{{Address: acct1.Address,
+		Permissions: []markertypes.Access{markertypes.Access_Withdraw, markertypes.Access_Transfer}}}, markertypes.StatusProposed, markertypes.MarkerType_RestrictedCoin, true, true, false, []string{})), "")
+
+	restrictedAttrMarkerDenom := "restrictedmarkerattr"
+	raMarkerAcct := authtypes.NewBaseAccount(types.MustGetMarkerAddress(restrictedAttrMarkerDenom), nil, 400, 0)
+	require.NoError(tt, app.MarkerKeeper.AddFinalizeAndActivateMarker(ctx, markertypes.NewMarkerAccount(raMarkerAcct, sdk.NewInt64Coin(restrictedAttrMarkerDenom, 10_000), addr1, []markertypes.AccessGrant{{Address: acct1.Address,
+		Permissions: []markertypes.Access{markertypes.Access_Withdraw, markertypes.Access_Transfer}}}, markertypes.StatusProposed, markertypes.MarkerType_RestrictedCoin, true, true, false, []string{"some.kyc.provenance.io"})), "")
+
+	// Check both account balances before we begin.
+	addr1beforeBalance := app.BankKeeper.GetAllBalances(ctx, addr1).String()
+	assert.Equal(tt, "1000000000stake", addr1beforeBalance, "addr1beforeBalance")
+	addr2beforeBalance := app.BankKeeper.GetAllBalances(ctx, addr2).String()
+	assert.Equal(tt, "1000000000stake", addr2beforeBalance, "addr2beforeBalance")
+
+	// send withdraw for coins
+	withdrawMsg := markertypes.NewMsgWithdrawRequest(addr1, addr1, nrMarkerDenom,
+		sdk.NewCoins(sdk.NewInt64Coin(nrMarkerDenom, 1000)))
+	ConstructAndSendTx(tt, *app, ctx, acct1, priv1, withdrawMsg, abci.CodeTypeOK, "")
+	// Check both account balances before we begin.
+	addr1afterBalance := app.BankKeeper.GetAllBalances(ctx, addr1).String()
+	assert.Equal(tt, "1000nonrestrictedmarker,999850000stake", addr1afterBalance, "addr1afterBalance")
+
+	// send withdraw for coins
+	withdrawMsg = markertypes.NewMsgWithdrawRequest(addr1, addr1, restrictedMarkerDenom,
+		sdk.NewCoins(sdk.NewInt64Coin(restrictedMarkerDenom, 1000)))
+	ConstructAndSendTx(tt, *app, ctx, acct1, priv1, withdrawMsg, abci.CodeTypeOK, "")
+	addr1afterBalance = app.BankKeeper.GetAllBalances(ctx, addr1).String()
+	assert.Equal(tt, "1000nonrestrictedmarker,1000restrictedmarker,999700000stake", addr1afterBalance, "addr1afterBalance")
+
+	// send withdraw for coins
+	withdrawMsg = markertypes.NewMsgWithdrawRequest(addr1, addr1, restrictedAttrMarkerDenom,
+		sdk.NewCoins(sdk.NewInt64Coin(restrictedAttrMarkerDenom, 1000)))
+	ConstructAndSendTx(tt, *app, ctx, acct1, priv1, withdrawMsg, abci.CodeTypeOK, "")
+	addr1afterBalance = app.BankKeeper.GetAllBalances(ctx, addr1).String()
+	assert.Equal(tt, "1000nonrestrictedmarker,1000restrictedmarker,1000restrictedmarkerattr,999550000stake", addr1afterBalance, "addr1afterBalance")
+
+	// send restricted marker from account with transfer rights and no required attributes, expect success
+	sendRMarker := banktypes.NewMsgSend(addr1, addr2, sdk.NewCoins(sdk.NewInt64Coin(restrictedMarkerDenom, 100)))
+	ConstructAndSendTx(tt, *app, ctx, acct1, priv1, sendRMarker, abci.CodeTypeOK, "")
+	addr1afterBalance = app.BankKeeper.GetAllBalances(ctx, addr1).String()
+	assert.Equal(tt, "1000nonrestrictedmarker,900restrictedmarker,1000restrictedmarkerattr,999400000stake", addr1afterBalance, "addr1afterBalance")
+	addr2afterBalance := app.BankKeeper.GetAllBalances(ctx, addr2).String()
+	assert.Equal(tt, "100restrictedmarker,1000000000stake", addr2afterBalance, "addr2beforeBalance")
+
+	// send non restricted marker, expect success
+	sendRMarker = banktypes.NewMsgSend(addr1, addr2, sdk.NewCoins(sdk.NewInt64Coin(nrMarkerDenom, 100)))
+	ConstructAndSendTx(tt, *app, ctx, acct1, priv1, sendRMarker, abci.CodeTypeOK, "")
+	addr1afterBalance = app.BankKeeper.GetAllBalances(ctx, addr1).String()
+	assert.Equal(tt, "900nonrestrictedmarker,900restrictedmarker,1000restrictedmarkerattr,999250000stake", addr1afterBalance, "addr1afterBalance")
+	addr2afterBalance = app.BankKeeper.GetAllBalances(ctx, addr2).String()
+	assert.Equal(tt, "100nonrestrictedmarker,100restrictedmarker,1000000000stake", addr2afterBalance, "addr2beforeBalance")
+
+	sendNRMarker := banktypes.NewMsgSend(addr2, addr1, sdk.NewCoins(sdk.NewInt64Coin(nrMarkerDenom, 50)))
+	ConstructAndSendTx(tt, *app, ctx, acct2, priv2, sendNRMarker, abci.CodeTypeOK, "")
+	addr1afterBalance = app.BankKeeper.GetAllBalances(ctx, addr1).String()
+	assert.Equal(tt, "950nonrestrictedmarker,900restrictedmarker,1000restrictedmarkerattr,999250000stake", addr1afterBalance, "addr1afterBalance")
+	addr2afterBalance = app.BankKeeper.GetAllBalances(ctx, addr2).String()
+	assert.Equal(tt, "50nonrestrictedmarker,100restrictedmarker,999850000stake", addr2afterBalance, "addr2beforeBalance")
+
+	// On a restricted coin without required attributes where the sender doesn't have TRANSFER permission.
+	sendRMarker = banktypes.NewMsgSend(addr2, addr1, sdk.NewCoins(sdk.NewInt64Coin(restrictedMarkerDenom, 100)))
+	ConstructAndSendTx(tt, *app, ctx, acct2, priv2, sendRMarker, txFailureCode, addr2.String()+" does not have transfer permissions")
+	addr1afterBalance = app.BankKeeper.GetAllBalances(ctx, addr1).String()
+	assert.Equal(tt, "950nonrestrictedmarker,900restrictedmarker,1000restrictedmarkerattr,999250000stake", addr1afterBalance, "addr1afterBalance")
+	addr2afterBalance = app.BankKeeper.GetAllBalances(ctx, addr2).String()
+	assert.Equal(tt, "50nonrestrictedmarker,100restrictedmarker,999700000stake", addr2afterBalance, "addr2beforeBalance")
+
+	// On a restricted coin with required attributes from a sender that has TRANSFER permission, but the receiver doesn't have the required attributes.
+	sendRMarker = banktypes.NewMsgSend(addr1, addr2, sdk.NewCoins(sdk.NewInt64Coin(restrictedAttrMarkerDenom, 100)))
+	ConstructAndSendTx(tt, *app, ctx, acct1, priv1, sendRMarker, abci.CodeTypeOK, "")
+	addr1afterBalance = app.BankKeeper.GetAllBalances(ctx, addr1).String()
+	assert.Equal(tt, "950nonrestrictedmarker,900restrictedmarker,900restrictedmarkerattr,999100000stake", addr1afterBalance, "addr1afterBalance")
+	addr2afterBalance = app.BankKeeper.GetAllBalances(ctx, addr2).String()
+	assert.Equal(tt, "50nonrestrictedmarker,100restrictedmarker,100restrictedmarkerattr,999700000stake", addr2afterBalance, "addr2beforeBalance")
+
+	// On a restricted coin with required attributes from a sender that does not have TRANSFER permission, but the receiver DOES have the required attributes.
+	sendRMarker = banktypes.NewMsgSend(addr2, addr3, sdk.NewCoins(sdk.NewInt64Coin(restrictedAttrMarkerDenom, 25)))
+	ConstructAndSendTx(tt, *app, ctx, acct2, priv2, sendRMarker, abci.CodeTypeOK, "")
+	addr2afterBalance = app.BankKeeper.GetAllBalances(ctx, addr2).String()
+	assert.Equal(tt, "50nonrestrictedmarker,100restrictedmarker,75restrictedmarkerattr,999550000stake", addr2afterBalance, "addr1afterBalance")
+	addr3afterBalance := app.BankKeeper.GetAllBalances(ctx, addr3).String()
+	assert.Equal(tt, "25restrictedmarkerattr", addr3afterBalance, "addr3beforeBalance")
+
+	// MsgTransfer Tests
+	// On a restricted coin with required attributes using an admin that has TRANSFER permission, but the receiver doesn't have the required attributes.
+	tranferRMarker := markertypes.NewMsgTransferRequest(addr1, addr1, addr2, sdk.NewInt64Coin(restrictedMarkerDenom, 25))
+	ConstructAndSendTx(tt, *app, ctx, acct1, priv1, tranferRMarker, abci.CodeTypeOK, "")
+	addr2afterBalance = app.BankKeeper.GetAllBalances(ctx, addr1).String()
+	assert.Equal(tt, "950nonrestrictedmarker,875restrictedmarker,900restrictedmarkerattr,998950000stake", addr2afterBalance, "addr1afterBalance")
+	addr2afterBalance = app.BankKeeper.GetAllBalances(ctx, addr2).String()
+	assert.Equal(tt, "50nonrestrictedmarker,125restrictedmarker,75restrictedmarkerattr,999550000stake", addr2afterBalance, "addr2beforeBalance")
+
+	// On a restricted coin with required attributes using an admin that does not have TRANSFER permission, but the receiver DOES have the required attributes.
+	tranferRAMarker := markertypes.NewMsgTransferRequest(addr2, addr2, addr3, sdk.NewInt64Coin(restrictedAttrMarkerDenom, 25))
+	ConstructAndSendTx(tt, *app, ctx, acct2, priv2, tranferRAMarker, txFailureCode, addr2.String()+" is not allowed to broker transfers")
+	addr2afterBalance = app.BankKeeper.GetAllBalances(ctx, addr2).String()
+	assert.Equal(tt, "50nonrestrictedmarker,125restrictedmarker,75restrictedmarkerattr,999400000stake", addr2afterBalance, "addr1afterBalance")
+	addr2afterBalance = app.BankKeeper.GetAllBalances(ctx, addr3).String()
+	assert.Equal(tt, "25restrictedmarkerattr", addr3afterBalance, "addr3beforeBalance")
+}
+
+func ConstructAndSendTx(tt *testing.T, app piosimapp.App, ctx sdk.Context, acct *authtypes.BaseAccount, priv cryptotypes.PrivKey, msg sdk.Msg, expectedCode uint32, expectedError string) {
+	encCfg := sdksim.MakeTestEncodingConfig()
+	fees := sdk.NewCoins(sdk.NewInt64Coin(sdk.DefaultBondDenom, int64(NewTestGasLimit())))
+	acct = app.AccountKeeper.GetAccount(ctx, acct.GetAddress()).(*authtypes.BaseAccount)
+	txBytes, err := SignTxAndGetBytes(NewTestGasLimit(), fees, encCfg, priv.PubKey(), priv, *acct, ctx.ChainID(), msg)
+	require.NoError(tt, err, "SignTxAndGetBytes")
+	res := app.DeliverTx(abci.RequestDeliverTx{Tx: txBytes})
+	require.Equal(tt, expectedCode, res.Code, "res=%+v", res)
+	if len(expectedError) > 0 {
+		require.Contains(tt, res.Log, expectedError, "DeliverTx result.Log")
+	}
+}