feat(x/swingset): allow third party to provision wallet (#10923)

closes: #10912 ## Description Relax the requirement that an account must be provisioned by the submitter of the provisioning message. This allows 3rd parties like dapp owners to gift a smart wallet to their new user. ### Security Considerations I don't believe the original restriction had any actual security reason. A cosmos account can be created without permission, so anyone could already provision a swingset account. It just required an extra transfer of the fee amount. This new mechanism does mean that it's possible to create a swingset account for an address that no-one has the private keys for, but I don't believe there is any security impact to that (same as throwing the keys away after self provision). ### Scaling Considerations None ### Documentation Considerations This change should be documented for chain users. ### Testing Considerations Updated unit tests. ### Upgrade Considerations Requires a chain software upgrade.
Agoric · Feb 5, 2025 · d2b661f · d2b661f
1 parent d718eac
commit d2b661f
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 18 deletions.
diff --git a/golang/cosmos/x/swingset/keeper/keeper.go b/golang/cosmos/x/swingset/keeper/keeper.go
@@ -380,7 +380,7 @@ func makeFeeMenu(powerFlagFees []types.PowerFlagFee) map[string]sdk.Coins {
 
 var privilegedProvisioningCoins sdk.Coins = sdk.NewCoins(sdk.NewInt64Coin("provisionpass", 1))
 
-func calculateFees(balances sdk.Coins, submitter, addr sdk.AccAddress, powerFlags []string, powerFlagFees []types.PowerFlagFee) (sdk.Coins, error) {
+func calculateFees(balances sdk.Coins, powerFlags []string, powerFlagFees []types.PowerFlagFee) (sdk.Coins, error) {
 	fees := sdk.NewCoins()
 
 	// See if we have the balance needed for privileged provisioning.
@@ -389,10 +389,6 @@ func calculateFees(balances sdk.Coins, submitter, addr sdk.AccAddress, powerFlag
 		return fees, nil
 	}
 
-	if !submitter.Equals(addr) {
-		return nil, fmt.Errorf("submitter is not the same as target address for fee-based provisioning")
-	}
-
 	if len(powerFlags) == 0 {
 		return nil, fmt.Errorf("must specify powerFlags for fee-based provisioning")
 	}
@@ -412,9 +408,9 @@ func calculateFees(balances sdk.Coins, submitter, addr sdk.AccAddress, powerFlag
 	return fees, nil
 }
 
-func (k Keeper) ChargeForProvisioning(ctx sdk.Context, submitter, addr sdk.AccAddress, powerFlags []string) error {
+func (k Keeper) ChargeForProvisioning(ctx sdk.Context, submitter sdk.AccAddress, powerFlags []string) error {
 	balances := k.bankKeeper.GetAllBalances(ctx, submitter)
-	fees, err := calculateFees(balances, submitter, addr, powerFlags, k.GetParams(ctx).PowerFlagFees)
+	fees, err := calculateFees(balances, powerFlags, k.GetParams(ctx).PowerFlagFees)
 	if err != nil {
 		return err
 	}

diff --git a/golang/cosmos/x/swingset/keeper/keeper_test.go b/golang/cosmos/x/swingset/keeper/keeper_test.go
@@ -61,15 +61,6 @@ func Test_calculateFees(t *testing.T) {
 			},
 			want: cns(),
 		},
-		{
-			name: "cannot pay fee to provision third party",
-			args: args{
-				submitter:  submitAddr,
-				addr:       utilAddr,
-				powerFlags: []string{"powerflag1"},
-			},
-			errMsg: "submitter is not the same as target address for fee-based provisioning",
-		},
 		{
 			name: "need powerflags for fee provisioning",
 			args: args{
@@ -106,6 +97,21 @@ func Test_calculateFees(t *testing.T) {
 			},
 			want: cns(a(1300)),
 		},
+		{
+			name: "can pay fee to provision third party",
+			args: args{
+				submitter:  submitAddr,
+				addr:       utilAddr,
+				powerFlags: []string{"power1"},
+				powerFlagFees: []types.PowerFlagFee{
+					{
+						PowerFlag: "power1",
+						Fee:       cns(a(1000)),
+					},
+				},
+			},
+			want: cns(a(1000)),
+		},
 		{
 			name: "later menu entries do not override",
 			args: args{
@@ -173,7 +179,7 @@ func Test_calculateFees(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			got, err := calculateFees(tt.args.balances, tt.args.submitter, tt.args.addr, tt.args.powerFlags, tt.args.powerFlagFees)
+			got, err := calculateFees(tt.args.balances, tt.args.powerFlags, tt.args.powerFlagFees)
 			var errMsg string
 			if err != nil {
 				errMsg = err.Error()

diff --git a/golang/cosmos/x/swingset/keeper/msg_server.go b/golang/cosmos/x/swingset/keeper/msg_server.go
@@ -158,7 +158,7 @@ func (keeper msgServer) provisionIfNeeded(ctx sdk.Context, owner sdk.AccAddress)
 func (keeper msgServer) Provision(goCtx context.Context, msg *types.MsgProvision) (*types.MsgProvisionResponse, error) {
 	ctx := sdk.UnwrapSDKContext(goCtx)
 
-	err := keeper.ChargeForProvisioning(ctx, msg.Submitter, msg.Address, msg.PowerFlags)
+	err := keeper.ChargeForProvisioning(ctx, msg.Submitter, msg.PowerFlags)
 	if err != nil {
 		return nil, err
 	}