Use dependencies from context in wasmbindings

wasmbinding/message_plugin.go

@@ -10,7 +10,6 @@ import (
 	"github.com/cosmos/cosmos-sdk/x/accesscontrol"
 	aclkeeper "github.com/cosmos/cosmos-sdk/x/accesscontrol/keeper"
 	acltypes "github.com/cosmos/cosmos-sdk/x/accesscontrol/types"
-	"github.com/sei-protocol/sei-chain/utils"
 )
 
 // forked from wasm
@@ -120,27 +119,21 @@ func (decorator SDKMessageDependencyDecorator) DispatchMsg(ctx sdk.Context, cont
 	if err != nil {
 		return nil, nil, err
 	}
-	// get the dependencies for the contract to validate against
-	// TODO: we need to carry wasmDependency in ctx instead of loading again here since here has no access to original msg payload
-	//       which is required for populating id correctly.
-	wasmDependency, err := decorator.aclKeeper.GetWasmDependencyMapping(ctx, contractAddr, []byte{}, false)
-	// If no mapping exists, or mapping is disabled, this message would behave as blocking for all resources
-	if err == aclkeeper.ErrWasmDependencyMappingNotFound {
+	if ctx.TxMsgAccessOps() == nil {
+		// This would be the case if the current block is executed in synchronous mode, or if the query is
+		// sent by sudo calls.
 		// no mapping, we can just continue
 		return decorator.wrapped.DispatchMsg(ctx, contractAddr, contractIBCPortID, msg)
 	}
-	if err != nil {
-		return nil, nil, err
-	}
-	if !wasmDependency.Enabled {
-		// if not enabled, just move on
-		// TODO: confirm that this is ok, is there ever a case where we should still verify dependencies for a disabled dependency? IDTS
+	msgDependency, ok := ctx.TxMsgAccessOps()[ctx.MessageIndex()]
+	if !ok || msgDependency == nil || len(msgDependency) == 0 {
+		// There is no known code path that could lead to this case but still adding it here just in
+		// case we missed something.
+		// no dependency set for the message, just continue
 		return decorator.wrapped.DispatchMsg(ctx, contractAddr, contractIBCPortID, msg)
 	}
 	// convert wasm dependency to a map of resource access and identifier we can look up in
-	lookupMap := BuildWasmDependencyLookupMap(
-		utils.Map(wasmDependency.AccessOps, func(op sdkacltypes.AccessOperationWithSelector) sdkacltypes.AccessOperation { return *op.Operation }),
-	)
+	lookupMap := BuildWasmDependencyLookupMap(msgDependency)
 	// wasm dependency enabled, we need to validate the message dependencies
 	for _, msg := range sdkMsgs {
 		accessOps := decorator.aclKeeper.GetMessageDependencies(ctx, msg)

wasmbinding/query_plugin.go

@@ -10,7 +10,6 @@ import (
 	sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
 	acl "github.com/cosmos/cosmos-sdk/x/accesscontrol"
 	aclkeeper "github.com/cosmos/cosmos-sdk/x/accesscontrol/keeper"
-	"github.com/sei-protocol/sei-chain/utils"
 )
 
 const (
@@ -51,24 +50,25 @@ type CustomQueryHandler struct {
 }
 
 func (queryHandler CustomQueryHandler) HandleQuery(ctx sdk.Context, caller sdk.AccAddress, request wasmvmtypes.QueryRequest) ([]byte, error) {
-	// TODO: we need to carry wasmDependency in ctx instead of loading again here since here has no access to original msg payload
-	//       which is required for populating id correctly.
-	wasmDependency, err := queryHandler.aclKeeper.GetWasmDependencyMapping(ctx, caller, []byte{}, false)
 	// If no mapping exists, or mapping is disabled, this message would behave as blocking for all resources
 	needToCheckDependencies := true
-	if err == aclkeeper.ErrWasmDependencyMappingNotFound {
+	msgDependency := []accesscontrol.AccessOperation{}
+	if ctx.TxMsgAccessOps() == nil {
+		// This would be the case if the current block is executed in synchronous mode, or if the query is
+		// sent by sudo calls.
 		// no mapping, we can just continue
 		needToCheckDependencies = false
+	} else {
+		if dep, ok := ctx.TxMsgAccessOps()[ctx.MessageIndex()]; !ok || dep == nil || len(dep) == 0 {
+			// There is no known code path that could lead to this case but still adding it here just in
+			// case we missed something.
+			// no dependency set for the message, just continue
+			needToCheckDependencies = false
+		} else {
+			msgDependency = dep
+		}
 	}
-	if err != nil {
-		return nil, err
-	}
-	if !wasmDependency.Enabled {
-		needToCheckDependencies = false
-	}
-	lookupMap := BuildWasmDependencyLookupMap(
-		utils.Map(wasmDependency.AccessOps, func(op accesscontrol.AccessOperationWithSelector) accesscontrol.AccessOperation { return *op.Operation }),
-	)
+	lookupMap := BuildWasmDependencyLookupMap(msgDependency)
 	if request.Bank != nil {
 		// check for BANK resource type
 		accessOp := accesscontrol.AccessOperation{

wasmbinding/test/message_handler_test.go

@@ -51,18 +51,14 @@ func TestMessageHandlerDependencyDecorator(t *testing.T) {
 	})
 
 	// setup the wasm contract's dependency mapping
-	app.AccessControlKeeper.SetWasmDependencyMapping(testContext, contractAddr, sdkacltypes.WasmDependencyMapping{
-		Enabled: true,
-		AccessOps: []sdkacltypes.AccessOperationWithSelector{
-			{
-				Operation: &sdkacltypes.AccessOperation{
-					AccessType:         sdkacltypes.AccessType_WRITE,
-					ResourceType:       sdkacltypes.ResourceType_ANY,
-					IdentifierTemplate: "*",
-				},
-			}, {
-				Operation: acltypes.CommitAccessOp(),
+	testContext = testContext.WithTxMsgAccessOps(map[int][]sdkacltypes.AccessOperation{
+		0: {
+			sdkacltypes.AccessOperation{
+				AccessType:         sdkacltypes.AccessType_WRITE,
+				ResourceType:       sdkacltypes.ResourceType_ANY,
+				IdentifierTemplate: "*",
 			},
+			*acltypes.CommitAccessOp(),
 		},
 	})
 
@@ -87,18 +83,14 @@ func TestMessageHandlerDependencyDecorator(t *testing.T) {
 		},
 	}, events)
 
-	app.AccessControlKeeper.SetWasmDependencyMapping(testContext, contractAddr, sdkacltypes.WasmDependencyMapping{
-		Enabled: true,
-		AccessOps: []sdkacltypes.AccessOperationWithSelector{
-			{
-				Operation: &sdkacltypes.AccessOperation{
-					AccessType:         sdkacltypes.AccessType_WRITE,
-					ResourceType:       sdkacltypes.ResourceType_KV,
-					IdentifierTemplate: "otherIdentifier",
-				},
-			}, {
-				Operation: acltypes.CommitAccessOp(),
+	testContext = testContext.WithTxMsgAccessOps(map[int][]sdkacltypes.AccessOperation{
+		0: {
+			sdkacltypes.AccessOperation{
+				AccessType:         sdkacltypes.AccessType_WRITE,
+				ResourceType:       sdkacltypes.ResourceType_ANY,
+				IdentifierTemplate: "otherIdentifier",
 			},
+			*acltypes.CommitAccessOp(),
 		},
 	})
 
@@ -115,22 +107,19 @@ func TestMessageHandlerDependencyDecorator(t *testing.T) {
 			},
 		},
 	})
+
 	// we expect an error now
-	require.Error(t, accesscontrol.ErrUnexpectedWasmDependency, err)
+	require.Equal(t, accesscontrol.ErrUnexpectedWasmDependency, err)
 
 	// reenable wasm mapping that's correct
-	app.AccessControlKeeper.SetWasmDependencyMapping(testContext, contractAddr, sdkacltypes.WasmDependencyMapping{
-		Enabled: true,
-		AccessOps: []sdkacltypes.AccessOperationWithSelector{
-			{
-				Operation: &sdkacltypes.AccessOperation{
-					AccessType:         sdkacltypes.AccessType_WRITE,
-					ResourceType:       sdkacltypes.ResourceType_KV,
-					IdentifierTemplate: "*",
-				},
-			}, {
-				Operation: acltypes.CommitAccessOp(),
+	testContext = testContext.WithTxMsgAccessOps(map[int][]sdkacltypes.AccessOperation{
+		0: {
+			sdkacltypes.AccessOperation{
+				AccessType:         sdkacltypes.AccessType_WRITE,
+				ResourceType:       sdkacltypes.ResourceType_ANY,
+				IdentifierTemplate: "*",
 			},
+			*acltypes.CommitAccessOp(),
 		},
 	})
 	// lets try with a message that wont decode properly