feat: update ante handler to allow authz message

[beer-1]

Description

Bump OPinit to allow authz message to system lane and check fee granter when we check fee whitelist in free lane.

initia-labs/OPinit#126

---

Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

• included the correct type prefix in the PR title, you can find examples of the prefixes below:

• confirmed ! in the type prefix if API or client breaking change
• targeted the correct branch
• provided a link to the relevant issue or specification
• reviewed "Files changed" and left comments if necessary
• included the necessary unit and integration tests
• updated the relevant documentation or specification, including comments for documenting Go code
• confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

• confirmed the correct type prefix in the PR title
• confirmed all author checklist items have been addressed
• reviewed state machine logic, API design and naming, documentation is accurate, tests and test coverage

Summary by CodeRabbit

• New Features

  • Updated Go toolchain to version 1.23.0 for improved performance and compatibility.
  • Incremented version of github.com/initia-labs/OPinit to enhance functionality.
  • Introduced new upgrade process for the Minitia application, including parameter updates and contract handling.

• Bug Fixes

  • Addressed vulnerabilities by updating dependencies, including github.com/gin-gonic/gin and replacing deprecated packages.

• Chores

  • Updated various module dependencies and specified custom versions to maintain compatibility and stability.

[coderabbitai]

Note

Currently processing new changes in this PR. This may take a few minutes, please wait...

📥 Commits

Reviewing files that changed from the base of the PR and between 2b02285 and 357d9ca.

📒 Files selected for processing (1)

• app/upgrade.go (2 hunks)

 _________________________________________________________________________________________________
< Question: How does a large software project get to be one year late? Answer: One day at a time! >
 -------------------------------------------------------------------------------------------------
  \
   \   (\__/)
       (•ㅅ•)
       / 　 づ

Warning

Rate limit exceeded

@beer-1 has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 12 minutes and 8 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 2b02285 and 357d9ca.

Walkthrough

The pull request includes updates to the go.mod files for both the main module and the integration-tests module. The Go toolchain version is upgraded from go1.22.7 to go1.23.0, and the dependency github.com/initia-labs/OPinit is incremented from version v0.6.0 to v0.6.1. Multiple replace directives have been modified to point to specific versions of various modules, addressing vulnerabilities and bugs without adding or removing any dependencies. Additionally, the NewAppKeeper function has been updated to set the BankKeeper for the AuthzKeeper, and the upgrade process in upgrade.go has been enhanced to manage ERC20 contracts.

Changes

File	Change Summary
go.mod	- Updated Go version: go1.22.7 → go1.23.0 - Incremented github.com/initia-labs/OPinit: v0.6.0 → v0.6.1 - Modified replace directives for various modules, including updates for github.com/golang-jwt/jwt/v4, github.com/cosmos/keyring, and downgrades for github.com/syndtr/goleveldb.
integration-tests/go.mod	- Updated Go version: go1.22.7 → go1.23.0 - Incremented github.com/initia-labs/OPinit: v0.6.0 → v0.6.1 - Modified replace directives for custom versions of github.com/cometbft/cometbft, github.com/cosmos/ibc-go/v8, and others.
app/keepers/keepers.go	- Updated NewAppKeeper to set BankKeeper for AuthzKeeper.
app/upgrade.go	- Updated upgrade name: 0.6.5 → 0.6.6 - Enhanced upgrade process for ERC20 contracts, including error handling and code updates.

Possibly related PRs

• feat: allow erc20 metadata onetime update #104: The changes in the main PR regarding the go.mod file updates are related to this PR, as both involve updates to the github.com/initia-labs/OPinit dependency from v0.6.0 to v0.6.1 and the Go toolchain version from go1.22.7 to go1.23.0.
• fix: use statedb context at get_hash #112: This PR also updates the go.mod file to reflect the same Go toolchain version change from go1.22.7 to go1.23.0, making it relevant to the main PR's changes.

Suggested reviewers

• djm07073

Poem

🐇 In the meadow, changes bloom,
Go versions rise, dispelling gloom.
Dependencies shift, like leaves in the breeze,
With each update, we hop with ease!
From v0.6.0 to v0.6.1,
Let's celebrate, our work is done! 🌼

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)

integration-tests/go.mod (1)

Line range hint 290-294: Verify grpc version constraint

The grpc version constraint to v1.65.0 is added to address issues with cosmos/relayer. This is a reasonable workaround, but we should track when this can be removed.

Consider adding a TODO comment with a link to track when this constraint can be removed.

go.mod (1)

Line range hint 292-295: Consider documenting the grpc version constraint

The comment explains the reason for pinning the grpc version, but it would be helpful to add a link to the issue or PR tracking this limitation.

 	// cosmos/relayer seems having problem with the latest version of grpc; return nil in the below line
 	// - https://github.com/cosmos/relayer/blob/4e4e9530800d28fb2c984f1cfc7b03f05eec618c/relayer/chains/cosmos/grpc_query.go#L30
+	// TODO: Remove this constraint once https://github.com/cosmos/relayer/issues/<number> is resolved
 	google.golang.org/grpc => google.golang.org/grpc v1.65.0

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between aef4430 and 96d8617.

⛔ Files ignored due to path filters (2)

• go.sum is excluded by !**/*.sum
• integration-tests/go.sum is excluded by !**/*.sum

📒 Files selected for processing (2)

• go.mod (1 hunks)
• integration-tests/go.mod (1 hunks)

🔇 Additional comments (6)

integration-tests/go.mod (3)

Line range hint 266-271: Security fixes look good

The replace directives appropriately address known security vulnerabilities:

• Replacing deprecated jwt-go with maintained golang-jwt/jwt/v4
• Fixing upstream vulnerability in gin-gonic/gin

---

Line range hint 284-288: Verify custom fork compatibility

The replace directives for custom forks need careful consideration:

• cometbft → initia-labs/cometbft
• ibc-go/v8 → initia-labs/ibc-go/v8
• go-ethereum → initia-labs/evm

#!/bin/bash
# Description: Verify the compatibility and stability of custom forks

# Check commit history of custom forks for recent updates
for repo in cometbft ibc-go evm; do
  echo "=== Checking $repo ==="
  gh api repos/initia-labs/$repo/commits --jq '.[0:3].[].commit.message'
done

# Look for any reported issues with these forks
for repo in cometbft ibc-go evm; do
  echo "=== Issues for $repo ==="
  gh api repos/initia-labs/$repo/issues --jq '.[] | select(.state=="open") | {title,created_at}'
done

---

149-149: Verify compatibility with OPinit v0.6.1

The dependency update to github.com/initia-labs/OPinit v0.6.1 aligns with the PR objectives mentioning related changes in OPinit PR #126.

go.mod (3)

Line range hint 261-278: Security and bug fixes in replace directives look appropriate

The replace directives address known security issues and bugs:

• Replacing deprecated jwt-go with maintained golang-jwt
• Fixing GHSA-h395-qcrw-5vmq vulnerability in gin-gonic/gin
• Using cosmos fork of keyring for better security
• Downgrading goleveldb to avoid simulation failures

---

39-39: Verify compatibility with Go 1.23.0

The dependency github.com/initia-labs/OPinit has been updated to v0.6.1, which is required for the ante handler changes. However, we should ensure all dependencies are compatible with Go 1.23.0.

#!/bin/bash
# Description: Check for any compatibility issues with Go 1.23.0

# Search for any go.mod files in the codebase
echo "Checking for additional go.mod files..."
fd -t f "go.mod$" --exec sh -c '
    echo "=== {} ==="
    cat "{}" | grep -E "^go |toolchain" || true
'

# Check if any dependencies explicitly require an older Go version
echo "Checking dependency constraints..."
go mod graph | grep -v "github.com/initia-labs/minievm" | sort -u

---

Line range hint 280-295: Verify custom replacements for Initia components

The custom replacements point to specific commits of Initia-maintained forks:

• cometbft → initia-labs/cometbft@a371e2dc
• ibc-go/v8 → initia-labs/ibc-go/v8@19c0b4ad
• go-ethereum → initia-labs/evm@3d312736

These changes appear to be related to the ante handler updates.

✅ Verification successful

Let me try a different approach to verify these replacements.

---

Based on the extensive search results, I can now verify the custom replacements. Let me analyze the usage of these replaced modules:

1. The cometbft replacement is used extensively throughout the codebase for core blockchain functionality, particularly in app initialization, ABCI interfaces, and testing.

2. The ibc-go/v8 replacement is used in IBC-related functionality, especially in the app's IBC hooks and keeper initialization.

3. The go-ethereum replacement is heavily used in the EVM module for implementing Ethereum compatibility, including state management, JSON-RPC endpoints, and ERC20/ERC721 contracts.

The replacements are integral to the codebase's functionality and are used consistently. The commit hashes point to specific versions of Initia's forks that contain customizations needed for the application.

Custom replacements are correctly configured and actively used

The replacements are valid because:

• Each replaced module is extensively used throughout the codebase
• The replacements point to Initia's maintained forks with specific commits
• The usage patterns show these are core dependencies integrated into the application's functionality
• The replacements follow a consistent pattern of using Initia's customized versions for core blockchain components

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the referenced commits exist and contain relevant changes

# Check if the commits exist in the repositories
echo "Verifying commit existence..."
for repo in "cometbft" "ibc-go" "evm"; do
  echo "=== $repo ==="
  gh api repos/initia-labs/$repo/commits/$(rg -o '[0-9a-f]{40}' | grep -w "$repo" -A 1 | tail -n 1) --jq '.commit.message'
done

# Search for ante handler related changes
echo "Checking for ante handler changes..."
rg -l "ante.*handler" 

Length of output: 1868

---

Script:

#!/bin/bash
# Check the actual commit hashes from go.mod
echo "=== Commit hashes from go.mod ==="
cat go.mod | grep -A 1 "initia-labs"

# Check for recent changes in ante handler files
echo -e "\n=== Recent ante handler changes ==="
for file in $(rg -l "ante.*handler" | grep -v "swagger" | grep -v "docs"); do
  echo -e "\n--- $file ---"
  git log -p -1 $file
done

# Check imports of replaced modules
echo -e "\n=== Usage of replaced modules ==="
rg -l "github.com/(cometbft/cometbft|cosmos/ibc-go/v8|ethereum/go-ethereum)" --type go

Length of output: 60494

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)

app/upgrade.go (2)

Line range hint 49-61: Consider adding logs for skipped deployments.

The error handling correctly ignores contract address collisions while propagating other errors. However, it would be helpful to log when deployments are skipped due to existing contracts.

 if err := app.EVMKeeper.DeployERC20Factory(ctx); err != nil &&
   // ignore contract address collision error (contract already deployed)
-  !strings.Contains(err.Error(), vm.ErrContractAddressCollision.Error()) {
+  !strings.Contains(err.Error(), vm.ErrContractAddressCollision.Error()) {
   return nil, err
+} else if err != nil {
+  app.Logger(ctx).Info("Skipping ERC20Factory deployment - contract already exists")
 }

---

Line range hint 63-108: Critical: Add safety measures for contract code updates.

The contract update logic has several areas that could be improved for safety and monitoring:

1. Add validation for the extracted runtime code before deployment
2. Consider adding a backup mechanism
3. Add progress tracking for large-scale updates
4. Add validation that the new code maintains the same interface

Consider these improvements:

1. Add code validation:

 code = code[initCodePos+3:]
+// Validate minimum code size
+if len(code) < 100 {  // adjust minimum size based on your contract
+    return nil, fmt.Errorf("extracted runtime code too small: %d bytes", len(code))
+}

2. Add progress tracking:

+var processedContracts int64
 err = app.EVMKeeper.ERC20s.Walk(ctx, nil, func(contractAddr []byte) (bool, error) {
+    processedContracts++
+    if processedContracts%100 == 0 {
+        app.Logger(ctx).Info("Processing ERC20 contracts", "processed", processedContracts)
+    }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 96d8617 and 2b02285.

📒 Files selected for processing (2)

• app/keepers/keepers.go (1 hunks)
• app/upgrade.go (1 hunks)

🔇 Additional comments (4)

app/upgrade.go (3)

Line range hint 110-114: LGTM! Correct implementation of uint64 serialization.

The helper function correctly implements uint64 to bytes conversion using BigEndian encoding.

---

Line range hint 35-47: Verify the default HookMaxGas value.

The code correctly updates OPChild parameters with error handling, but please ensure that opchildtypes.DefaultHookMaxGas is an appropriate value for production use.

#!/bin/bash
# Check the DefaultHookMaxGas value
ast-grep --pattern 'const DefaultHookMaxGas = $_'

---

25-25: LGTM! Verify version consistency.

The version bump from "0.6.5" to "0.6.6" is appropriate for these changes.

✅ Verification successful

Version "0.6.6" appears to be consistently defined

The version string "0.6.6" is only defined in app/upgrade.go and there are no conflicting version numbers found across the codebase. The version bump appears to be cleanly implemented.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify version consistency across the codebase
rg "0\.6\.[56]" --type yaml --type go

Length of output: 51

---

Script:

#!/bin/bash
# Search for version strings with more flexible patterns
rg -i "0\.6\.[0-9]|version.*0\.6|v0\.6" --type yaml --type go

# Also check for specific version numbers in version-related files
fd -e yaml -e go version

Length of output: 133

app/keepers/keepers.go (1)

287-287: LGTM! Necessary setup for authorization message handling.

The addition of SetBankKeeper to the AuthzKeeper is correct and necessary for supporting bank-related authorization messages and fee granter verification.

Let's verify the authorization message handling setup:

✅ Verification successful

Based on the code analysis from the shell script results, I can now provide a final response:

Setting BankKeeper in AuthzKeeper is correct and necessary

The code shows that the AuthzKeeper requires the BankKeeper for proper authorization handling, as evidenced by:

• The keeper initialization in app/keepers/keepers.go follows the correct dependency order:
  1. BankKeeper is initialized first
  2. AuthzKeeper is initialized later
  3. BankKeeper is explicitly set via SetBankKeeper method

This setup is necessary because:

• It enables the authorization module to verify bank-related permissions
• It's part of the standard Cosmos SDK authorization pattern
• The dependency is properly managed through the builder pattern

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify authorization message handling configuration
# Test 1: Check for authz message handlers that require bank keeper
ast-grep --pattern 'func (k Keeper) $$$Bank$$$($$$) $$$'

# Test 2: Check for fee granter verification logic
rg -A 5 'VerifyFeeGranter|ValidateFeeGranter'

Length of output: 106

---

Script:

#!/bin/bash
# Let's try a broader search to understand the authorization and bank keeper integration

# Check for authz keeper implementation and its bank keeper dependency
rg -l "BankKeeper" --type go

# Look for authorization message handling patterns
rg -A 5 "type AuthzKeeper|type BankKeeper" --type go

# Check for fee granter related code
rg -l "FeeGranter" --type go

# Look for ante handler implementations related to authz
rg -A 5 "AnteHandler.*authz|ProcessFeeGranter" --type go

Length of output: 1246

---

Script:

#!/bin/bash
# Let's check the specific implementation in app/ante files since they handle fee and authorization logic

# Check ante.go and fee.go for authorization and fee granter logic
cat app/ante/ante.go
cat app/ante/fee.go

# Check the authz keeper initialization and its dependencies
cat app/keepers/keepers.go

# Look for any authz-related interfaces or types
rg -A 10 "interface.*Authz|type.*Authz" --type go

Length of output: 28759

[codecov]

Codecov Report

Attention: Patch coverage is 2.22222% with 44 lines in your changes missing coverage. Please review.

Project coverage is 28.15%. Comparing base (aef4430) to head (357d9ca).
Report is 4 commits behind head on main.

Files with missing lines	Patch %	Lines
app/upgrade.go	0.00%	44 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #116      +/-   ##
==========================================
- Coverage   28.16%   28.15%   -0.02%     
==========================================
  Files         126      126              
  Lines       14285    14301      +16     
==========================================
+ Hits         4023     4026       +3     
- Misses       9686     9699      +13     
  Partials      576      576              

Files with missing lines	Coverage Δ
app/keepers/keepers.go	98.06% <100.00%> (+<0.01%)	⬆️
app/upgrade.go	4.00% <0.00%> (-0.29%)	⬇️

... and 4 files with indirect coverage changes

---- 🚨 Try these New Features:

• Flaky Tests Detection - Detect and resolve failed and flaky tests