feat: only authorized relayers can invoke handlers with commitment proof verification (#240)

* feat: only relayer can invoke handlers containing proof verificaiton

* chore: update tests + only allow auth relayer to register client

* fix: not needed for send_packet

Author: Farhad-Shabani

cairo-contracts/packages/apps/src/transfer/components/transfer.cairo

@@ -184,6 +184,8 @@ pub mod TokenTransferComponent {
             version_proposal: AppVersion,
             ordering: ChannelOrdering
         ) -> AppVersion {
+            self.assert_owner();
+
             assert(port_id_on_a == TRANSFER_PORT_ID(), TransferErrors::INVALID_PORT_ID);
 
             if version_proposal.is_non_zero() {
@@ -204,6 +206,8 @@ pub mod TokenTransferComponent {
             version_on_a: AppVersion,
             ordering: ChannelOrdering
         ) -> AppVersion {
+            self.assert_owner();
+
             assert(version_on_a == VERSION(), TransferErrors::INVALID_APP_VERSION);
 
             VERSION()
@@ -215,12 +219,16 @@ pub mod TokenTransferComponent {
             chan_id_on_a: ChannelId,
             version_on_b: AppVersion
         ) {
+            self.assert_owner();
+
             assert(version_on_b == VERSION(), TransferErrors::INVALID_APP_VERSION);
         }
 
         fn on_chan_open_confirm(
             ref self: ComponentState<TContractState>, port_id_on_b: PortId, chan_id_on_b: ChannelId
-        ) {}
+        ) {
+            self.assert_owner();
+        }
 
         fn on_recv_packet(
             ref self: ComponentState<TContractState>, packet: Packet

cairo-contracts/packages/contracts/src/tests/channel.cairo

@@ -8,7 +8,7 @@ use starknet_ibc_testkit::configs::{
 };
 use starknet_ibc_testkit::dummies::{
     HEIGHT, TIMESTAMP, COSMOS, STARKNET, CLIENT_ID, CONNECTION_ID, CHANNEL_ID, PORT_ID, SUPPLY,
-    PACKET_COMMITMENT_ON_SN, RELAYER, SN_USER, CS_USER
+    PACKET_COMMITMENT_ON_SN, SN_USER, CS_USER
 };
 use starknet_ibc_testkit::event_spy::{TransferEventSpyExt, ChannelEventSpyExt};
 use starknet_ibc_testkit::handles::{CoreHandle, AppHandle, ERC20Handle};
@@ -466,8 +466,6 @@ fn try_timeout_packet(timeout_height: Height, timeout_timestamp: Timestamp) {
 
     start_cheat_caller_address(ics20.address, core.address);
 
-    core.register_relayer(RELAYER());
-
     let msg = comet_cfg
         .dummy_msg_update_client(
             CLIENT_ID(), comet_cfg.latest_height, updating_height.clone(), updating_timestamp,

cairo-contracts/packages/contracts/src/tests/client.cairo

@@ -1,7 +1,7 @@
 use snforge_std::spy_events;
 use starknet_ibc_core::client::{UpdateResponse, StatusTrait, ClientContractTrait};
 use starknet_ibc_testkit::configs::CometClientConfigTrait;
-use starknet_ibc_testkit::dummies::{HEIGHT, RELAYER};
+use starknet_ibc_testkit::dummies::HEIGHT;
 use starknet_ibc_testkit::event_spy::ClientEventSpyExt;
 use starknet_ibc_testkit::handles::CoreHandle;
 use starknet_ibc_testkit::setup::SetupImpl;
@@ -58,8 +58,6 @@ fn test_update_comet_client_ok() {
     // Update Client
     // -----------------------------------------------------------
 
-    core.register_relayer(RELAYER());
-
     // Update the client to a new height and time.
     let updating_height = cfg.latest_height.clone() + HEIGHT(1);
     let updating_time = cfg.latest_timestamp.clone() + 1;

cairo-contracts/packages/core/src/channel/components/handler.cairo

@@ -9,15 +9,17 @@ pub mod ChannelHandlerComponent {
         Map, StorageMapReadAccess, StorageMapWriteAccess, StoragePointerReadAccess,
         StoragePointerWriteAccess
     };
-    use starknet::{get_block_timestamp, get_block_number};
+    use starknet::{get_block_timestamp, get_block_number, get_caller_address};
+    use starknet_ibc_core::channel::ChannelHandlerComponent::ClientHandlerComponent::ClientReaderTrait;
     use starknet_ibc_core::channel::{
         ChannelEventEmitterComponent, IChannelHandler, IChannelQuery, MsgChanOpenInit,
         MsgChanOpenTry, MsgChanOpenAck, MsgChanOpenConfirm, MsgRecvPacket, MsgAckPacket,
         MsgTimeoutPacket, ChannelEnd, ChannelEndTrait, ChannelErrors, PacketTrait, ChannelOrdering,
         AppVersion, Receipt, ReceiptTrait, Packet, Acknowledgement
     };
     use starknet_ibc_core::client::{
-        ClientHandlerComponent, ClientContract, ClientContractTrait, Height, HeightImpl
+        ClientHandlerComponent, ClientContract, ClientContractTrait, Height, HeightImpl,
+        ClientErrors
     };
     use starknet_ibc_core::commitment::{
         StateProof, Commitment, CommitmentZero, compute_packet_commitment, compute_ack_commitment
@@ -56,6 +58,9 @@ pub mod ChannelHandlerComponent {
     // IChannelHandler
     // -----------------------------------------------------------
 
+    // NOTE: Authorized relayer check is temporary and will be removed once
+    // commitment proof verification is implemented.
+
     #[embeddable_as(CoreChannelHandler)]
     impl CoreChannelHandlerImpl<
         TContractState,
@@ -77,18 +82,21 @@ pub mod ChannelHandlerComponent {
         fn chan_open_try(
             ref self: ComponentState<TContractState>, msg: MsgChanOpenTry
         ) -> ChannelId {
+            self.assert_authorized_relayer();
             let channel_sequence = self.read_next_channel_sequence();
             self.chan_open_try_validate(channel_sequence, msg.clone());
             self.chan_open_try_execute(channel_sequence, msg)
         }
 
         fn chan_open_ack(ref self: ComponentState<TContractState>, msg: MsgChanOpenAck) {
+            self.assert_authorized_relayer();
             let chan_end_on_a = self.read_channel_end(@msg.port_id_on_a, @msg.chan_id_on_a);
             self.chan_open_ack_validate(chan_end_on_a.clone(), msg.clone());
             self.chan_open_ack_execute(chan_end_on_a, msg);
         }
 
         fn chan_open_confirm(ref self: ComponentState<TContractState>, msg: MsgChanOpenConfirm) {
+            self.assert_authorized_relayer();
             let chan_end_on_b = self.read_channel_end(@msg.port_id_on_b, @msg.chan_id_on_b);
             self.chan_open_confirm_validate(chan_end_on_b.clone(), msg.clone());
             self.chan_open_confirm_execute(chan_end_on_b, msg);
@@ -101,20 +109,23 @@ pub mod ChannelHandlerComponent {
         }
 
         fn recv_packet(ref self: ComponentState<TContractState>, msg: MsgRecvPacket) {
+            self.assert_authorized_relayer();
             let chan_end_on_b = self
                 .read_channel_end(@msg.packet.port_id_on_b, @msg.packet.chan_id_on_b);
             self.recv_packet_validate(msg.clone(), chan_end_on_b.clone());
             self.recv_packet_execute(msg, chan_end_on_b);
         }
 
         fn ack_packet(ref self: ComponentState<TContractState>, msg: MsgAckPacket) {
+            self.assert_authorized_relayer();
             let chan_end_on_a = self
                 .read_channel_end(@msg.packet.port_id_on_a, @msg.packet.chan_id_on_b);
             self.ack_packet_validate(msg.clone(), chan_end_on_a.clone());
             self.ack_packet_execute(msg, chan_end_on_a);
         }
 
         fn timeout_packet(ref self: ComponentState<TContractState>, msg: MsgTimeoutPacket) {
+            self.assert_authorized_relayer();
             let chan_end_on_a = self
                 .read_channel_end(@msg.packet.port_id_on_a, @msg.packet.chan_id_on_a);
             self.timeout_packet_validate(msg.clone(), chan_end_on_a.clone());
@@ -1078,6 +1089,15 @@ pub mod ChannelHandlerComponent {
                     root_on_b
                 );
         }
+
+        fn assert_authorized_relayer(self: @ComponentState<TContractState>) {
+            let client_comp = get_dep_component!(self, ClientHandler);
+
+            assert(
+                client_comp.in_allowed_relayers(get_caller_address()),
+                ClientErrors::UNAUTHORIZED_RELAYER
+            );
+        }
     }
 
     // -----------------------------------------------------------

cairo-contracts/packages/core/src/client/components/handler.cairo

@@ -118,6 +118,10 @@ pub mod ClientHandlerComponent {
             client_type: felt252,
             client_address: ContractAddress
         ) {
+            assert(
+                self.in_allowed_relayers(get_caller_address()), ClientErrors::UNAUTHORIZED_RELAYER
+            );
+
             self.write_supported_client(client_type, client_address);
         }
     }

cairo-contracts/packages/testkit/src/setup.cairo

@@ -68,10 +68,12 @@ pub impl SetupImpl of SetupTrait {
 
         let mut comet = setup.deploy_client(client_contract_name);
 
-        core.register_client(CLIENT_TYPE(), comet.address);
+        core.register_relayer(RELAYER());
 
         start_cheat_caller_address(core.address, RELAYER());
 
+        core.register_client(CLIENT_TYPE(), comet.address);
+
         (core, comet)
     }
 
@@ -109,6 +111,10 @@ pub impl SetupImpl of SetupTrait {
 
         let comet = setup.deploy_client(client_contract_name);
 
+        core.register_relayer(RELAYER());
+
+        start_cheat_caller_address(core.address, RELAYER());
+
         core.register_client(CLIENT_TYPE(), comet.address);
 
         let mut erc20 = setup.deploy_erc20();
@@ -117,8 +123,6 @@ pub impl SetupImpl of SetupTrait {
 
         core.register_app(TRANSFER_PORT_ID(), ics20.address);
 
-        start_cheat_caller_address(core.address, RELAYER());
-
         (core, ics20, erc20)
     }
 }