feat(x/staking): StakeAuthorization: Allow delegating to all validators

[ziscky]

Description

Closes: #11126

---

Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

• included the correct type prefix in the PR title, you can find examples of the prefixes below:
• confirmed ! in the type prefix if API or client breaking change
• targeted the correct branch (see PR Targeting)
• provided a link to the relevant issue or specification
• reviewed "Files changed" and left comments if necessary
• included the necessary unit and integration tests
• added a changelog entry to CHANGELOG.md
• updated the relevant documentation or specification, including comments for documenting Go code
• confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

Please see Pull Request Reviewer section in the contributing guide for more information on how to review a pull request.

I have...

• confirmed the correct type prefix in the PR title
• confirmed all author checklist items have been addressed
• reviewed state machine logic, API design and naming, documentation is accurate, tests and test coverage

Summary by CodeRabbit

• New Features

  • Added metadata field for validator details
  • Enhanced stake authorization to allow delegation to all validators when allow and deny lists are empty

• Bug Fixes

  • Fixed authorization validation logic for stake authorizations
  • Improved error handling in staking module methods

• Documentation

  • Updated README and changelog to clarify stake authorization behavior
  • Added explanations for new metadata and authorization features

• Tests

  • Expanded test coverage for authorization scenarios
  • Added new test cases for validator delegation and authorization rules

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request introduces modifications to the authorization (authz) module, specifically focusing on stake authorization. The changes primarily address the ability to delegate to all validators by allowing empty allow and deny lists. This involves updates to test cases, README documentation, and validation logic in the staking module. The modifications aim to provide more flexibility in authorization grants for delegation permissions.

Changes

File	Change Summary
tests/systemtests/authz_test.go	Added new grantee addresses and expanded test scenarios for delegate, unbond, and redelegate authorizations
x/authz/README.md	Clarified StakeAuthorization behavior when allow and deny lists are empty
x/staking/CHANGELOG.md	Updated with new features, API breaking changes, improvements, and bug fixes
x/staking/types/authz.go	Modified validateAllowAndDenyValidators to remove restrictions on empty lists
x/staking/types/authz_test.go	Added test case for authorization with empty allow and deny lists

Assessment against linked issues

Objective	Addressed	Explanation
Allow delegate permissions to all validators [#11126]	✅
Remove requirement for explicit allow or deny list	✅

Possibly related PRs

• chore(x/authz)!: Remove account keeper dependency #21632: Modifications to the authz module
• docs(x/authz): update grant docs #21677: Updates to StakeAuthorization documentation
• test: x/accounts systemtests #22320: System tests for x/accounts module
• test(systemtests): fix gRPC tests for v1 & v2 #22774: gRPC tests
• docs: fix multiple typos #23143: Documentation updates

Suggested labels

Type: ADR

Suggested reviewers

• julienrbrt
• testinginprod
• tac0turtle
• akhilkumarpilli
• raynaudoe

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[julienrbrt]

Closing this as stale. Feel free to re-open if willing to continue.

[ziscky]

Closing this as stale. Feel free to re-open if willing to continue.

Back from vacation. Looking into it again

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

x/staking/CHANGELOG.md (1)

56-56: Consider moving the change to the "Features" section.

The change to allow delegating StakeAuthorization to all validators appears to be a new feature rather than a bug fix, as it extends the functionality of the authorization system.

🧰 Tools

🪛 Markdownlint (0.37.0)

56-56: null
Lists should be surrounded by blank lines

(MD032, blanks-around-lists)

x/staking/types/authz_test.go (1)

Line range hint 87-87: Minor language improvement suggested

Consider replacing "amount of tokens" with "number of tokens" as it's more grammatically correct when referring to countable items.

-`MaxTokens` that keeps track of a limit to the amount of tokens that can be delegated/undelegated/redelegated.
+`MaxTokens` that keeps track of a limit to the number of tokens that can be delegated/undelegated/redelegated.

x/authz/README.md (1)

87-87: Consider improving grammar.

Replace "amount of tokens" with "number of tokens" as "tokens" is a countable noun.

-`StakeAuthorization` implements the `Authorization` interface for messages in the [staking module](https://docs.cosmos.network/main/build/modules/staking). It takes an `AuthorizationType` to specify whether you want to authorize delegation, undelegation, redelegation or cancel unbonding delegation, each of which must be authorized separately. It also takes an optional `MaxTokens` that keeps track of a limit to the amount of tokens that can be delegated/undelegated/redelegated. If left empty, the amount is unlimited. Additionally, this Msg takes an `AllowList` or a `DenyList`, enabling you to specify which validators the grantee can or cannot stake with. If both `AllowList` and `DenyList` are empty delegation to all validators is allowed.
+`StakeAuthorization` implements the `Authorization` interface for messages in the [staking module](https://docs.cosmos.network/main/build/modules/staking). It takes an `AuthorizationType` to specify whether you want to authorize delegation, undelegation, redelegation or cancel unbonding delegation, each of which must be authorized separately. It also takes an optional `MaxTokens` that keeps track of a limit to the number of tokens that can be delegated/undelegated/redelegated. If left empty, the amount is unlimited. Additionally, this Msg takes an `AllowList` or a `DenyList`, enabling you to specify which validators the grantee can or cannot stake with. If both `AllowList` and `DenyList` are empty delegation to all validators is allowed.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~87-~87: ‘Amount of’ should usually only be used with uncountable or mass nouns. Consider using “number” if this is not the case.
Context: ...ens` that keeps track of a limit to the amount of tokens that can be delegated/undeleg...

(AMOUNTOF_TO_NUMBEROF)

📜 Review details

Configuration used: .coderabbit.yml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c1192da and 178c0bd.

📒 Files selected for processing (5)

• tests/systemtests/authz_test.go (2 hunks)
• x/authz/README.md (1 hunks)
• x/staking/CHANGELOG.md (1 hunks)
• x/staking/types/authz.go (0 hunks)
• x/staking/types/authz_test.go (1 hunks)

💤 Files with no reviewable changes (1)

• x/staking/types/authz.go

🧰 Additional context used

📓 Path-based instructions (4)

x/authz/README.md (1)

Pattern **/*.md: "Assess the documentation for misspellings, grammatical errors, missing documentation and correctness"

x/staking/types/authz_test.go (2)

Pattern **/*.go: Review the Golang code for conformity with the Uber Golang style guide, highlighting any deviations.

---

Pattern **/*_test.go: "Assess the unit test code assessing sufficient code coverage for the changes associated in the pull request"

x/staking/CHANGELOG.md (1)

Pattern **/*.md: "Assess the documentation for misspellings, grammatical errors, missing documentation and correctness"

tests/systemtests/authz_test.go (3)

Pattern **/*.go: Review the Golang code for conformity with the Uber Golang style guide, highlighting any deviations.

---

Pattern tests/**/*: "Assess the integration and e2e test code assessing sufficient code coverage for the changes associated in the pull request"

---

Pattern **/*_test.go: "Assess the unit test code assessing sufficient code coverage for the changes associated in the pull request"

🪛 LanguageTool

x/authz/README.md

[uncategorized] ~87-~87: ‘Amount of’ should usually only be used with uncountable or mass nouns. Consider using “number” if this is not the case.
Context: ...ens` that keeps track of a limit to the amount of tokens that can be delegated/undeleg...

(AMOUNTOF_TO_NUMBEROF)

🪛 Markdownlint (0.37.0)

x/staking/CHANGELOG.md

56-56: null
Lists should be surrounded by blank lines

(MD032, blanks-around-lists)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Summary

🔇 Additional comments (8)

x/staking/types/authz_test.go (3)

214-228: Well-structured test case for empty validator lists!

The test case effectively validates that delegation is allowed when both allow and deny lists are empty, which is a key requirement for enabling delegation to all validators.

---

Line range hint 53-58: LGTM! Good test setup.

The addition of new grantee addresses properly expands the test coverage for the new authorization scenarios.

---

Line range hint 169-174: Comprehensive test coverage for empty validator lists!

The new test cases effectively verify that all staking operations (delegate/unbond/redelegate) work correctly without specifying allow or deny lists, while properly enforcing spend limits.

Also applies to: 182-188, 196-202

tests/systemtests/authz_test.go (4)

53-58: LGTM!

The new grantee address declarations follow the existing pattern and include proper validation checks against the granter address.

---

169-174: LGTM!

The new test case properly validates the delegate authorization without allow or deny list, which aligns with the PR objective to allow delegating to all validators.

---

182-188: LGTM!

The new test case properly validates the unbond authorization without allow or deny list, maintaining consistency with the delegate authorization test case.

---

196-202: LGTM!

The new test case properly validates the redelegate authorization without allow or deny list, maintaining consistency with the delegate and unbond authorization test cases.

x/authz/README.md (1)

87-87: LGTM!

The added clarification about empty allow and deny lists properly documents the new behavior, aligning with the PR objective to allow delegating to all validators.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~87-~87: ‘Amount of’ should usually only be used with uncountable or mass nouns. Consider using “number” if this is not the case.
Context: ...ens` that keeps track of a limit to the amount of tokens that can be delegated/undeleg...

(AMOUNTOF_TO_NUMBEROF)