cosmos · bznein · Aug 8, 2024 · Aug 7, 2024 · Aug 7, 2024 · Aug 7, 2024
@@ -172,6 +172,14 @@ func (im IBCModule) OnSendPacket(
 	dataBz []byte,
 	signer sdk.AccAddress,
 ) error {
+	if !im.keeper.GetParams(ctx).SendEnabled {
+		return types.ErrSendDisabled
+	}
+	if im.keeper.IsBlockedAddr(signer) {
+		return errorsmod.Wrapf(ibcerrors.ErrUnauthorized, "%s is not allowed to send funds", signer)
+	}
+
+
 	ics20Version, found := im.keeper.GetICS4Wrapper().GetAppVersion(ctx, portID, channelID)
 	if !found {
 		return errorsmod.Wrapf(ibcerrors.ErrNotFound, "app version not found for port %s and channel %s", portID, channelID)
@@ -182,6 +190,17 @@ func (im IBCModule) OnSendPacket(
 		return err
 	}
 
+	if ics20Version == types.V1 {
+		// ics20-1 only supports a single coin, so if that is the current version, we must only process a single coin.
+		if len(data.Tokens) > 1 {
+			return errorsmod.Wrapf(ibcerrors.ErrInvalidRequest, "cannot transfer multiple coins with %s", types.V1)
+		}
+
+		if len(data.Forwarding.Hops) > 1 {
+			return errorsmod.Wrapf(ibcerrors.ErrInvalidRequest, "cannot forward coins with %s", types.V1)
+		}
+
+	}
 	if data.Sender != signer.String() {
 		return errorsmod.Wrapf(ibcerrors.ErrInvalidAddress, "invalid signer address: expected %s, got %s", data.Sender, signer)
 	}

@@ -54,11 +54,6 @@ func (k Keeper) GetAllForwardedPackets(ctx sdk.Context) []types.ForwardedPacket
 	return k.getAllForwardedPackets(ctx)
 }
 
-// IsBlockedAddr is a wrapper around isBlockedAddr for testing purposes
-func (k Keeper) IsBlockedAddr(addr sdk.AccAddress) bool {
-	return k.isBlockedAddr(addr)
-}
-
 // CreatePacketDataBytesFromVersion is a wrapper around createPacketDataBytesFromVersion for testing purposes
 func CreatePacketDataBytesFromVersion(appVersion, sender, receiver, memo string, tokens types.Tokens, hops []types.Hop) ([]byte, error) {
 	return createPacketDataBytesFromVersion(appVersion, sender, receiver, memo, tokens, hops)

@@ -391,7 +391,7 @@ func (k Keeper) iterateForwardedPackets(ctx sdk.Context, cb func(packet types.Fo
 
 // IsBlockedAddr checks if the given address is allowed to send or receive tokens.
 // The module account is always allowed to send and receive tokens.
-func (k Keeper) isBlockedAddr(addr sdk.AccAddress) bool {
+func (k Keeper) IsBlockedAddr(addr sdk.AccAddress) bool {
 	moduleAddr := k.authKeeper.GetModuleAddress(types.ModuleName)
 	if addr.Equals(moduleAddr) {
 		return false

@@ -19,10 +19,6 @@ var _ types.MsgServer = (*Keeper)(nil)
 func (k Keeper) Transfer(goCtx context.Context, msg *types.MsgTransfer) (*types.MsgTransferResponse, error) {
 	ctx := sdk.UnwrapSDKContext(goCtx)
 
-	if !k.GetParams(ctx).SendEnabled {
-		return nil, types.ErrSendDisabled
-	}
-
 	sender, err := sdk.AccAddressFromBech32(msg.Sender)
 	if err != nil {
 		return nil, err
@@ -33,27 +29,6 @@ func (k Keeper) Transfer(goCtx context.Context, msg *types.MsgTransfer) (*types.
 		return nil, errorsmod.Wrapf(types.ErrSendDisabled, err.Error())
 	}
 
-	if k.isBlockedAddr(sender) {
-		return nil, errorsmod.Wrapf(ibcerrors.ErrUnauthorized, "%s is not allowed to send funds", sender)
-	}
-
-	appVersion, found := k.ics4Wrapper.GetAppVersion(ctx, msg.SourcePort, msg.SourceChannel)
-	if !found {
-		return nil, errorsmod.Wrapf(ibcerrors.ErrInvalidRequest, "application version not found for source port: %s and source channel: %s", msg.SourcePort, msg.SourceChannel)
-	}
-
-	if appVersion == types.V1 {
-		// ics20-1 only supports a single coin, so if that is the current version, we must only process a single coin.
-		if len(msg.Tokens) > 1 {
-			return nil, errorsmod.Wrapf(ibcerrors.ErrInvalidRequest, "cannot transfer multiple coins with %s", types.V1)
-		}
-
-		// ics20-1 does not support forwarding, so if that is the current version, we must reject the transfer.
-		if msg.HasForwarding() {
-			return nil, errorsmod.Wrapf(ibcerrors.ErrInvalidRequest, "cannot forward coins with %s", types.V1)
-		}
-	}
-
 	if msg.Forwarding.GetUnwind() {
 		msg, err = k.unwindHops(ctx, msg)
 		if err != nil {
@@ -71,6 +46,10 @@ func (k Keeper) Transfer(goCtx context.Context, msg *types.MsgTransfer) (*types.
 		tokens = append(tokens, token)
 	}
 
+	appVersion, found := k.ics4Wrapper.GetAppVersion(ctx, msg.SourcePort, msg.SourceChannel)
+	if !found {
+		return nil, errorsmod.Wrapf(ibcerrors.ErrInvalidRequest, "application version not found for source port: %s and source channel: %s", msg.SourcePort, msg.SourceChannel)
+	}
 	packetDataBz, err := createPacketDataBytesFromVersion(appVersion, sender.String(), msg.Receiver, msg.Memo, tokens, msg.Forwarding.GetHops())
 	if err != nil {
 		return nil, err
@@ -149,7 +128,7 @@ func (k Keeper) unwindHops(ctx sdk.Context, msg *types.MsgTransfer) (*types.MsgT
 	msg.Forwarding.Hops = append(unwindHops[1:], msg.Forwarding.Hops...)
 	msg.Forwarding.Unwind = false
 
-	// Message is validate again, this would only fail if hops now exceeds maximum allowed.
+	// Message is validated again, this would only fail if hops now exceeds maximum allowed.
 	if err := msg.ValidateBasic(); err != nil {
 		return nil, err
 	}

diff --git a/modules/apps/transfer/keeper/msg_server_test.go b/modules/apps/transfer/keeper/msg_server_test.go
@@ -107,7 +107,7 @@ func (suite *KeeperTestSuite) TestMsgTransfer() {
 				// explicitly set to ics20-1 which does not support multi-denom
 				path.EndpointA.UpdateChannel(func(channel *channeltypes.Channel) { channel.Version = types.V1 })
 			},
-			ibcerrors.ErrInvalidRequest,
+			types.ErrInvalidVersion,
 		},
 		{
 			"failure: cannot unwind native tokens",

@@ -155,7 +155,7 @@ func (k Keeper) OnRecvPacket(ctx sdk.Context, packet channeltypes.Packet, data t
 		return err
 	}
 
-	if k.isBlockedAddr(receiver) {
+	if k.IsBlockedAddr(receiver) {
 		return errorsmod.Wrapf(ibcerrors.ErrUnauthorized, "%s is not allowed to receive funds", receiver)
 	}
 
@@ -323,7 +323,7 @@ func (k Keeper) refundPacketTokens(ctx sdk.Context, packet channeltypes.Packet,
 	if err != nil {
 		return err
 	}
-	if k.isBlockedAddr(sender) {
+	if k.IsBlockedAddr(sender) {
 		return errorsmod.Wrapf(ibcerrors.ErrUnauthorized, "%s is not allowed to receive funds", sender)
 	}
 
@@ -347,6 +347,10 @@ func (k Keeper) refundPacketTokens(ctx sdk.Context, packet channeltypes.Packet,
 				return err
 			}
 
+			if k.IsBlockedAddr(sender) {
+				return errorsmod.Wrapf(ibcerrors.ErrUnauthorized, "%s is not allowed to send funds", sender)
+			}
+
 			if err := k.bankKeeper.SendCoins(ctx, moduleAccountAddr, sender, sdk.NewCoins(coin)); err != nil {
 				panic(fmt.Errorf("unable to send coins from module to account despite previously minting coins to module account: %v", err))
 			}
@@ -430,7 +434,7 @@ func createPacketDataBytesFromVersion(appVersion, sender, receiver, memo string,
 	case types.V1:
 		// Sanity check, tokens must always be of length 1 if using app version V1.
 		if len(tokens) != 1 {
-			return nil, errorsmod.Wrapf(ibcerrors.ErrInvalidRequest, "cannot transfer multiple coins with %s", types.V1)
+			return nil, errorsmod.Wrapf(types.ErrInvalidVersion, "length of tokens must be equal to 1 if using %s version", types.V1)
 		}
 
 		token := tokens[0]

diff --git a/modules/apps/transfer/keeper/relay_test.go b/modules/apps/transfer/keeper/relay_test.go
@@ -169,21 +169,6 @@ func (suite *KeeperTestSuite) TestSendTransfer() {
 		// 	},
 		// 	channeltypes.ErrInvalidPacket,
 		// },
-		{
-			"failure: forwarding hops is not empty with ics20-1",
-			func() {
-				// Set version to isc20-1.
-				path.EndpointA.UpdateChannel(func(channel *channeltypes.Channel) {
-					channel.Version = types.V1
-				})
-
-				forwarding = types.NewForwarding(false, types.NewHop(
-					path.EndpointA.ChannelConfig.PortID,
-					path.EndpointA.ChannelID,
-				))
-			},
-			ibcerrors.ErrInvalidRequest,
-		},
 	}
 
 	for _, tc := range testCases {
@@ -1259,7 +1244,7 @@ func (suite *KeeperTestSuite) TestCreatePacketDataBytesFromVersion() {
 			},
 			func(bz []byte, err error) {
 				suite.Require().Nil(bz)
-				suite.Require().ErrorIs(err, ibcerrors.ErrInvalidRequest)
+				suite.Require().ErrorIs(err, types.ErrInvalidVersion)
 			},
 		},
 		{