imp: add extra validation to ica msgs (backport #8734) (#8738)

mergify[bot] · srdtrk · web-flow · commit 31be27623c01 · 2025-12-18T20:11:42.000+07:00
* imp: add extra validation to ica msgs (#8734) * imp: add extra validation * chore: lint * imp: error msg * test: fix tests * docs: document the validation change --------- Co-authored-by: Alex | Cosmos Labs <alex@cosmoslabs.io> (cherry picked from commit 7574333) # Conflicts: # docs/docs/02-apps/02-interchain-accounts/07-tx-encoding.md # modules/apps/27-interchain-accounts/host/keeper/relay_test.go * fix: conflicts * fix: use ErrUnknownDataType instead of ibcerrors.ErrInvalidType * test: fix * lint: gci * test: fix * chore: remove unused diff * docs: update changelog --------- Co-authored-by: srdtrk <59252793+srdtrk@users.noreply.github.com> Co-authored-by: srdtrk <srdtrk@hotmail.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -34,6 +34,12 @@ Ref: https://keepachangelog.com/en/1.0.0/
 
 # Changelog
 
+## [v8.8.0](https://github.com/cosmos/ibc-go/releases/tag/v8.7.0) - 2025-12-18
+
+### Improvements
+
+* [\#8734](https://github.com/cosmos/ibc-go/pull/8734) Add extra validation for ProtoJSON unmarshalling in ICS-27 ICA.
+
 ## [v8.7.0](https://github.com/cosmos/ibc-go/releases/tag/v8.7.0) - 2025-03-12
 
 - [ISA-2025-001](https://github.com/cosmos/ibc-go/security/advisories/GHSA-4wf3-5qj9-368v) Fix ISA-2025-001
diff --git a/modules/apps/27-interchain-accounts/host/keeper/relay_test.go b/modules/apps/27-interchain-accounts/host/keeper/relay_test.go
@@ -9,7 +9,9 @@ import (
 	sdkmath "cosmossdk.io/math"
 
 	codectypes "github.com/cosmos/cosmos-sdk/codec/types"
+	"github.com/cosmos/cosmos-sdk/testutil/testdata"
 	sdk "github.com/cosmos/cosmos-sdk/types"
+	authtypes "github.com/cosmos/cosmos-sdk/x/auth/types"
 	banktypes "github.com/cosmos/cosmos-sdk/x/bank/types"
 	disttypes "github.com/cosmos/cosmos-sdk/x/distribution/types"
 	govv1 "github.com/cosmos/cosmos-sdk/x/gov/types/v1"
@@ -555,7 +557,7 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 		expPass  bool
 	}{
 		{
-			"interchain account successfully executes an arbitrary message type using the * (allow all message types) param",
+			"success: interchain account successfully executes an arbitrary message type using the * (allow all message types) param",
 			func(icaAddress string) {
 				// Populate the gov keeper in advance with an active proposal
 				testProposal := &govtypes.TextProposal{
@@ -579,8 +581,8 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 						{
 							"@type": "/cosmos.gov.v1beta1.MsgVote",
 							"voter": "` + icaAddress + `",
-							"proposal_id": 1,
-							"option": 1
+							"proposal_id": "1",
+							"option": "VOTE_OPTION_YES"
 						}
 					]
 				}`)
@@ -599,7 +601,7 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 			true,
 		},
 		{
-			"interchain account successfully executes banktypes.MsgSend",
+			"success: interchain account successfully executes banktypes.MsgSend",
 			func(icaAddress string) {
 				msgBytes := []byte(`{
 					"messages": [
@@ -624,7 +626,7 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 			true,
 		},
 		{
-			"interchain account successfully executes govtypes.MsgSubmitProposal",
+			"success: interchain account successfully executes govtypesv1.MsgSubmitProposal",
 			func(icaAddress string) {
 				msgBytes := []byte(`{
 					"messages": [
@@ -653,7 +655,7 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 			true,
 		},
 		{
-			"interchain account successfully executes govtypes.MsgVote",
+			"success: interchain account successfully executes govtypesv1.MsgVote",
 			func(icaAddress string) {
 				// Populate the gov keeper in advance with an active proposal
 				testProposal := &govtypes.TextProposal{
@@ -677,8 +679,8 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 						{
 							"@type": "/cosmos.gov.v1beta1.MsgVote",
 							"voter": "` + icaAddress + `",
-							"proposal_id": 1,
-							"option": 1
+							"proposal_id": "1",
+							"option": "VOTE_OPTION_YES"
 						}
 					]
 				}`)
@@ -695,7 +697,7 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 			true,
 		},
 		{
-			"interchain account successfully executes govtypes.MsgSubmitProposal, govtypes.MsgDeposit, and then govtypes.MsgVote sequentially",
+			"success: interchain account successfully executes govtypesv1.MsgSubmitProposal, govtypesv1.MsgDeposit, and then govtypesv1.MsgVote sequentially",
 			func(icaAddress string) {
 				msgBytes := []byte(`{
 					"messages": [
@@ -710,16 +712,16 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 							"proposer": "` + icaAddress + `"
 						},
 						{
-							"@type": "/cosmos.gov.v1beta1.MsgDeposit",
-							"proposal_id": 1,
+							"@type": "/cosmos.gov.v1.MsgDeposit",
+							"proposal_id": "1",
 							"depositor": "` + icaAddress + `",
 							"amount": [{ "denom": "stake", "amount": "10000000" }]
 						},
 						{
 							"@type": "/cosmos.gov.v1beta1.MsgVote",
 							"voter": "` + icaAddress + `",
-							"proposal_id": 1,
-							"option": 1
+							"proposal_id": "1",
+							"option": "VOTE_OPTION_YES"
 						}
 					]
 				}`)
@@ -730,13 +732,13 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 					"data":` + byteArrayString + `
 				}`)
 
-				params := types.NewParams(true, []string{sdk.MsgTypeURL((*govtypes.MsgSubmitProposal)(nil)), sdk.MsgTypeURL((*govtypes.MsgDeposit)(nil)), sdk.MsgTypeURL((*govtypes.MsgVote)(nil))})
+				params := types.NewParams(true, []string{sdk.MsgTypeURL((*govtypes.MsgSubmitProposal)(nil)), sdk.MsgTypeURL((*govv1.MsgDeposit)(nil)), sdk.MsgTypeURL((*govtypes.MsgVote)(nil))})
 				suite.chainB.GetSimApp().ICAHostKeeper.SetParams(suite.chainB.GetContext(), params)
 			},
 			true,
 		},
 		{
-			"interchain account successfully executes transfertypes.MsgTransfer",
+			"success: interchain account successfully executes transfertypes.MsgTransfer",
 			func(icaAddress string) {
 				transferPath := ibctesting.NewTransferPath(suite.chainB, suite.chainC)
 
@@ -751,8 +753,9 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 							"token": { "denom": "stake", "amount": "100" },
 							"sender": "` + icaAddress + `",
 							"receiver": "cosmos15ulrf36d4wdtrtqzkgaan9ylwuhs7k7qz753uk",
-							"timeout_height": { "revision_number": 1, "revision_height": 100 },
-							"timeout_timestamp": 0
+							"timeout_height": { "revision_number": "1", "revision_height": "100" },
+							"timeout_timestamp": "0",
+							"memo": ""
 						}
 					]
 				}`)
@@ -769,7 +772,7 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 			true,
 		},
 		{
-			"unregistered sdk.Msg",
+			"failure: unregistered sdk.Msg",
 			func(icaAddress string) {
 				msgBytes := []byte(`{"messages":[{}]}`)
 				byteArrayString := strings.Join(strings.Fields(fmt.Sprint(msgBytes)), ",")
@@ -785,7 +788,7 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 			false,
 		},
 		{
-			"message type not allowed banktypes.MsgSend",
+			"failure: message type not allowed banktypes.MsgSend",
 			func(icaAddress string) {
 				msgBytes := []byte(`{
 					"messages": [
@@ -810,7 +813,7 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 			false,
 		},
 		{
-			"unauthorised: signer address is not the interchain account associated with the controller portID",
+			"failure: signer address is not the interchain account associated with the controller portID",
 			func(icaAddress string) {
 				msgBytes := []byte(`{
 					"messages": [
@@ -834,6 +837,113 @@ func (suite *KeeperTestSuite) TestJSONOnRecvPacket() {
 			},
 			false,
 		},
+		{
+			"failure: missing optional metadata field",
+			func(icaAddress string) {
+				proposal, err := govv1.NewProposal([]sdk.Msg{getTestProposalMessage()}, govv1.DefaultStartingProposalID, suite.chainA.GetContext().BlockTime(), suite.chainA.GetContext().BlockTime(), "test proposal", "title", "Description", sdk.AccAddress(interchainAccountAddr), false)
+				suite.Require().NoError(err)
+
+				err = suite.chainB.GetSimApp().GovKeeper.SetProposal(suite.chainB.GetContext(), proposal)
+				suite.Require().NoError(err)
+				err = suite.chainB.GetSimApp().GovKeeper.ActivateVotingPeriod(suite.chainB.GetContext(), proposal)
+				suite.Require().NoError(err)
+
+				msgBytes := []byte(`{
+					"messages": [
+						{
+							"@type": "/cosmos.gov.v1.MsgVote",
+							"voter": "` + icaAddress + `",
+							"proposal_id": "1",
+							"option": "VOTE_OPTION_YES"
+						}
+					]
+				}`)
+				// this is the way cosmwasm encodes byte arrays by default
+				// golang doesn't use this encoding by default, but it can still deserialize:
+				byteArrayString := strings.Join(strings.Fields(fmt.Sprint(msgBytes)), ",") //nolint:staticcheck
+
+				packetData = []byte(`{
+					"type": 1,
+					"data":` + byteArrayString + `
+				}`)
+
+				params := types.NewParams(true, []string{"*"})
+				suite.chainB.GetSimApp().ICAHostKeeper.SetParams(suite.chainB.GetContext(), params)
+			},
+			false,
+		},
+		{
+			"failure: alternative int representation of enum field",
+			func(icaAddress string) {
+				proposal, err := govv1.NewProposal([]sdk.Msg{getTestProposalMessage()}, govv1.DefaultStartingProposalID, suite.chainA.GetContext().BlockTime(), suite.chainA.GetContext().BlockTime(), "test proposal", "title", "Description", sdk.AccAddress(interchainAccountAddr), false)
+				suite.Require().NoError(err)
+
+				err = suite.chainB.GetSimApp().GovKeeper.SetProposal(suite.chainB.GetContext(), proposal)
+				suite.Require().NoError(err)
+				err = suite.chainB.GetSimApp().GovKeeper.ActivateVotingPeriod(suite.chainB.GetContext(), proposal)
+				suite.Require().NoError(err)
+
+				msgBytes := []byte(`{
+					"messages": [
+						{
+							"@type": "/cosmos.gov.v1.MsgVote",
+							"voter": "` + icaAddress + `",
+							"proposal_id": "1",
+							"option": 1,
+							"metadata": ""
+						}
+					]
+				}`)
+				// this is the way cosmwasm encodes byte arrays by default
+				// golang doesn't use this encoding by default, but it can still deserialize:
+				byteArrayString := strings.Join(strings.Fields(fmt.Sprint(msgBytes)), ",") //nolint:staticcheck
+
+				packetData = []byte(`{
+					"type": 1,
+					"data":` + byteArrayString + `
+				}`)
+
+				params := types.NewParams(true, []string{"*"})
+				suite.chainB.GetSimApp().ICAHostKeeper.SetParams(suite.chainB.GetContext(), params)
+			},
+			false,
+		},
+		{
+			"failure: alternative integer field representation",
+			func(icaAddress string) {
+				proposal, err := govv1.NewProposal([]sdk.Msg{getTestProposalMessage()}, govv1.DefaultStartingProposalID, suite.chainA.GetContext().BlockTime(), suite.chainA.GetContext().BlockTime(), "test proposal", "title", "Description", sdk.AccAddress(interchainAccountAddr), false)
+				suite.Require().NoError(err)
+
+				err = suite.chainB.GetSimApp().GovKeeper.SetProposal(suite.chainB.GetContext(), proposal)
+				suite.Require().NoError(err)
+				err = suite.chainB.GetSimApp().GovKeeper.ActivateVotingPeriod(suite.chainB.GetContext(), proposal)
+				suite.Require().NoError(err)
+
+				msgBytes := []byte(`{
+					"messages": [
+						{
+							"@type": "/cosmos.gov.v1.MsgVote",
+							"voter": "` + icaAddress + `",
+							"proposal_id": 1,
+							"option": "VOTE_OPTION_YES",
+							"metadata": ""
+						}
+					]
+				}`)
+				// this is the way cosmwasm encodes byte arrays by default
+				// golang doesn't use this encoding by default, but it can still deserialize:
+				byteArrayString := strings.Join(strings.Fields(fmt.Sprint(msgBytes)), ",") //nolint:staticcheck
+
+				packetData = []byte(`{
+					"type": 1,
+					"data":` + byteArrayString + `
+				}`)
+
+				params := types.NewParams(true, []string{"*"})
+				suite.chainB.GetSimApp().ICAHostKeeper.SetParams(suite.chainB.GetContext(), params)
+			},
+			false,
+		},
 	}
 
 	for _, tc := range testCases {
@@ -897,3 +1007,8 @@ func (suite *KeeperTestSuite) fundICAWallet(ctx sdk.Context, portID string, amou
 	suite.Require().NotEmpty(res)
 	suite.Require().NoError(err)
 }
+
+func getTestProposalMessage() sdk.Msg {
+	_, _, addr := testdata.KeyTestPubAddr()
+	return banktypes.NewMsgSend(authtypes.NewModuleAddress("gov"), addr, sdk.NewCoins(sdk.NewCoin("stake", sdkmath.NewInt(1000))))
+}
diff --git a/modules/apps/27-interchain-accounts/types/codec.go b/modules/apps/27-interchain-accounts/types/codec.go
@@ -1,6 +1,9 @@
 package types
 
 import (
+	"encoding/json"
+	"reflect"
+
 	"github.com/cosmos/gogoproto/proto"
 
 	errorsmod "cosmossdk.io/errors"
@@ -90,6 +93,15 @@ func DeserializeCosmosTx(cdc codec.Codec, data []byte, encoding string) ([]sdk.M
 		if err := cdc.UnmarshalJSON(data, &cosmosTx); err != nil {
 			return nil, errorsmod.Wrapf(ErrUnknownDataType, "cannot unmarshal CosmosTx with proto3 json")
 		}
+		reconstructedData, err := cdc.MarshalJSON(&cosmosTx)
+		if err != nil {
+			return nil, errorsmod.Wrapf(ErrUnknownDataType, "cannot remarshal CosmosTx with proto3 json: %v", err)
+		}
+		if isEqual, err := equalJSON(data, reconstructedData); err != nil {
+			return nil, errorsmod.Wrapf(ErrUnknownDataType, "cannot compare original and reconstructed JSON: %v", err)
+		} else if !isEqual {
+			return nil, errorsmod.Wrapf(ErrUnknownDataType, "original and reconstructed JSON objects do not match, original: %s, reconstructed: %s", string(data), string(reconstructedData))
+		}
 	default:
 		return nil, errorsmod.Wrapf(ErrInvalidCodec, "unsupported encoding format %s", encoding)
 	}
@@ -107,3 +119,14 @@ func DeserializeCosmosTx(cdc codec.Codec, data []byte, encoding string) ([]sdk.M
 
 	return msgs, nil
 }
+
+func equalJSON(a, b []byte) (bool, error) {
+	var x, y any
+	if err := json.Unmarshal(a, &x); err != nil {
+		return false, err
+	}
+	if err := json.Unmarshal(b, &y); err != nil {
+		return false, err
+	}
+	return reflect.DeepEqual(x, y), nil
+}
