- Introduction to SDK Modules {prereq}
The Cosmos SDK is a framework that makes it easy for developers to build complex decentralised applications from scratch, mainly by composing modules together. As the ecosystem of open source modules for the Cosmos SDK expands, it will become increasingly likely that some of these modules contain vulnerabilities, as a result of the negligence or malice of their developer.
The Cosmos SDK adopts an object-capabilities-based approach to help developers better protect their application from unwanted inter-module interactions, and keeper
s are at the core of this approach. A keeper
can be thought of quite literally as the gatekeeper of a module's store(s). Each store (typically an IAVL
Store) defined within a module comes with a storeKey
, which grants unlimited access to it. The module's keeper
holds this storeKey
(which should otherwise remain unexposed), and defines methods for reading and writing to the store(s).
The core idea behind the object-capabilities approach is to only reveal what is necessary to get the work done. In practice, this means that instead of handling permissions of modules through access-control lists, module keeper
s are passed a reference to the specific instance of the other modules' keeper
s that they need to access (this is done in the application's constructor function). As a consequence, a module can only interact with the subset of state defined in another module via the methods exposed by the instance of the other module's keeper
. This is a great way for developers to control the interactions that their own module can have with modules developed by external developers.
keeper
s are generally implemented in a internal/keeper/keeper.go
file located in the module's folder. By convention, the type keeper
of a module is simply named Keeper
and usually follows the following structure:
type Keeper struct {
// External keepers, if any
// Store key(s)
// codec
}
For example, here is the [type definition of the keeper
from the nameservice tutorial:
Let us go through the different parameters:
- An expected
keeper
is akeeper
external to a module that is required by the internalkeeper
of said module. Externalkeeper
s are listed in the internalkeeper
's type definition as interfaces. These interfaces are themselves defined in ainternal/types/expected_keepers.go
file within the module's folder. In this context, interfaces are used to reduce the number of dependencies, as well as to facilitate the maintenance of the module itself. storeKey
s grant access to the store(s) of the multistore managed by the module. They should always remain unexposed to external modules.- A codec
cdc
, used to marshall and unmarshall struct to/from[]byte
.
Of course, it is possible to define different types of internal keeper
s for the same module (e.g. a read-only keeper
). Each type of keeper
comes with its own constructor function, which is called from the application's constructor function. This is where keeper
s are instantiated, and where developers make sure to pass correct instances of modules' keeper
s to other modules that require it.
Keeper
s primarily expose getter and setter methods for the store(s) managed by their module. These methods should remain as simple as possible and strictly be limited to getting or setting the requested value, as validity checks should have already been performed via the ValidateBasic()
method of the message
and the handler
when keeper
s' methods are called.
Typically, a getter method will present with the following signature
func (k Keeper) Get(ctx sdk.Context, key string) returnType
and go through the following steps:
- Retrieve the appropriate store from the
ctx
using thestoreKey
. This is done through theKVStore(storeKey sdk.StoreKey
method of thectx
. - If it exists, get the
[]byte
value stored at location[]byte(key)
using theGet(key []byte)
method of the store. - Unmarshall the retrieved value from
[]byte
toreturnType
using the codeccdc
. Return the value.
Similarly, a setter method will present with the following signature
func (k Keeper) Set(ctx sdk.Context, key string, value valueType)
and go through the following steps:
- Retrieve the appropriate store from the
ctx
using thestoreKey
. This is done through theKVStore(storeKey sdk.StoreKey
method of thectx
. - Marhsall
value
to[]byte
using the codeccdc
. - Set the encoded value in the store at location
key
using theSet(key []byte, value []byte)
method of the store.
For more, see an example of keeper
's methods implementation from the nameservice tutorial.
Learn about invariants {hide}