feat(evm): query fungible token mappings by cosmos denom or ERC20 address

[k-yang]

Purpose / Abstract

• Closes feat(evm): Impl a query for FunToken mapping by coin denom or ERC20 contract address #1940
• Adds a gRPC query to query a fungible token mapping by providing either a cosmos denom (e.g. unibi) or an ERC20 address (e.g. 0xAEf9437FF23D48D73271a41a8A094DEc9ac71477)

Summary by CodeRabbit

• New Features
  • Added the ability to query fungible token mappings within the EVM module.
• Tests
  • Introduced tests for token mapping queries to ensure correct functionality and error handling.

[coderabbitai]

Walkthrough

The recent updates introduce a new feature in the Ethereum Virtual Machine (EVM) component, which allows querying fungible token mappings by either coin denomination or ERC-20 contract address. This functionality includes modifications across various files, adding new methods, RPC services, and relevant tests to ensure seamless integration and proper validation of the newly added feature.

Changes

File(s)	Change Summary
CHANGELOG.md	Documented the addition of the fungible token mapping query feature.
eth/rpc/backend/mocks/evm_query_client.go	Added a TokenMapping method to the EVMQueryClient struct.
proto/eth/evm/v1/query.proto	Introduced a new RPC TokenMapping with QueryTokenMappingRequest and QueryTokenMappingResponse definitions.
x/evm/keeper/grpc_query.go	Implemented the TokenMapping method to handle token mapping queries.
x/evm/keeper/grpc_query_test.go	Added a TestQueryTokenMapping function to validate various token mapping scenarios.

Assessment against linked issues

Objective (from issues)	Addressed	Explanation
Implement a query for FunToken mapping by coin denomination or ERC20 contract address (#1940)	✅

Poem

In the realm of code, a tale unfolds,
Tokens mapped with stories told.
From Cosmos' coins to ERC’s might,
Queries now unveil their sight.
Functions, tests, all set to go,
EVM’s magic, watch it glow.
🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 64.83%. Comparing base (422c676) to head (0d42974).
Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1949      +/-   ##
==========================================
+ Coverage   64.71%   64.83%   +0.11%     
==========================================
  Files         253      253              
  Lines       16053    16065      +12     
==========================================
+ Hits        10389    10416      +27     
+ Misses       4907     4892      -15     
  Partials      757      757              

Files	Coverage Δ
x/evm/keeper/grpc_query.go	83.19% <100.00%> (+0.75%)	⬆️

... and 1 file with indirect coverage changes

[coderabbitai]

Actionable comments posted: 1

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 2c1198d and 269b956.

Files ignored due to path filters (2)

• x/evm/query.pb.go is excluded by !**/*.pb.go
• x/evm/query.pb.gw.go is excluded by !**/*.pb.gw.go

Files selected for processing (5)

• CHANGELOG.md (1 hunks)
• eth/rpc/backend/mocks/evm_query_client.go (1 hunks)
• proto/eth/evm/v1/query.proto (2 hunks)
• x/evm/keeper/grpc_query.go (1 hunks)
• x/evm/keeper/grpc_query_test.go (1 hunks)

Additional context used

Gitleaks

x/evm/keeper/grpc_query_test.go

952-952: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

GitHub Check: lint

x/evm/keeper/grpc_query_test.go

[failure] 918-918:
Error return value of deps.K.FunTokens.SafeInsert is not checked (errcheck)

---

[failure] 943-943:
Error return value of deps.K.FunTokens.SafeInsert is not checked (errcheck)

Additional comments not posted (7)

proto/eth/evm/v1/query.proto (2)

79-81: New RPC Endpoint TokenMapping Added

The addition of the TokenMapping RPC endpoint is consistent with the PR objectives to allow querying fungible token mappings by cosmos denom or ERC20 address. The specified HTTP GET path seems appropriate for the functionality.

---

309-323: Review of QueryTokenMappingRequest and QueryTokenMappingResponse Message Definitions

The QueryTokenMappingRequest and QueryTokenMappingResponse message types are well-defined. The request includes a single field for the token (either a cosmos denom or ERC20 address), and the response returns a FunToken object. These changes align with the PR's goal to enable querying of token mappings.

It's good that the goproto_getters option is set to false, reducing unnecessary accessor methods in Go, which matches the style of other messages in this file.

eth/rpc/backend/mocks/evm_query_client.go (1)

380-408: New Mock Method TokenMapping Added

The addition of the TokenMapping method to the EVMQueryClient mock is consistent with the introduction of the new RPC method in the Query service. This mock method appears to be correctly structured to simulate the behavior of the actual service method, including handling of context and options, and returning the expected types.

The method uses the Called function from the testify/mock package to simulate calling the actual method, which is a standard practice for mocks in Go.

x/evm/keeper/grpc_query.go (1)

744-769: New Keeper Method TokenMapping Implementation Review

The TokenMapping method correctly implements the functionality to query fungible token mappings by either cosmos denom or ERC20 address, aligning with the PR objectives. The method first attempts to find a mapping by cosmos denom and then by ERC20 address if the first lookup fails. This dual lookup strategy is efficient and covers the required functionality.

However, consider adding a comment explaining the assumption that there is only one mapping for a given denom or ERC20 address, as this could be a significant assumption affecting the method's behavior.

x/evm/keeper/grpc_query_test.go (2)

898-984: Review of TestQueryTokenMapping function.

The test scenarios within TestQueryTokenMapping are well-structured and cover both error and success cases adequately. The tests check for scenarios where a token mapping does not exist and where it does for both a cosmos coin and an ERC20 token. These tests are crucial for validating the correctness of the token mapping feature.

Tools

Gitleaks

952-952: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

GitHub Check: lint

[failure] 918-918:
Error return value of deps.K.FunTokens.SafeInsert is not checked (errcheck)

---

[failure] 943-943:
Error return value of deps.K.FunTokens.SafeInsert is not checked (errcheck)

---

952-952: Security Concern: Potential exposure of sensitive data.

Line 952 contains a hardcoded ERC20 address. While this might not be an immediate security risk, static analysis has flagged it as a potential Generic API Key. Ensure this is not sensitive or confidential information exposed in the test code.

Tools

Gitleaks

952-952: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

CHANGELOG.md (1)

81-81: Changelog Entry for PR #1949 is Correct and Well-Formatted

The changelog entry for the new feature allowing fungible token mapping queries is concise, adheres to the stated changelog guidelines, and properly references the PR. This ensures good traceability and documentation practices.

[coderabbitai]

Handle potential errors from SafeInsert method.

The method deps.K.FunTokens.SafeInsert is called without checking the returned error. It's crucial to handle errors to ensure the robustness of the test setup.

918a919
+ s.Require().NoError(err, "Failed to insert token mapping")
943a944
+ s.Require().NoError(err, "Failed to insert token mapping")

Also applies to: 943-943

Tools

GitHub Check: lint

[failure] 918-918:
Error return value of deps.K.FunTokens.SafeInsert is not checked (errcheck)

[coderabbitai]

Actionable comments posted: 1

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 269b956 and 0d42974.

Files selected for processing (1)

• x/evm/keeper/grpc_query_test.go (1 hunks)

Additional context used

Gitleaks

x/evm/keeper/grpc_query_test.go

952-952: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

Additional comments not posted (2)

x/evm/keeper/grpc_query_test.go (2)

898-898: New test function added for querying token mappings.

This function is crucial for validating the new feature introduced in this PR, ensuring that the mapping queries are correctly handled both when mappings exist and when they do not.

---

952-952: Potential security risk: Detected a Generic API Key.

The line contains an ERC20 address which is flagged as a Generic API Key by static analysis tools. This might be a false positive, but it's good practice to verify the sensitivity of such data and ensure it's not exposing any sensitive operations or services.

Verification successful

---

Potential security risk: Detected a Generic API Key.

The ERC20 address "0xAEf9437FF23D48D73271a41a8A094DEc9ac71477" appears to be used exclusively in test files (x/evm/keeper/funtoken_state_test.go and x/evm/keeper/grpc_query_test.go). These files are typically used for testing purposes and do not usually interact with live systems or sensitive operations.

• x/evm/keeper/funtoken_state_test.go
• x/evm/keeper/grpc_query_test.go

Since these are test files, the risk is minimal. However, it's always good to ensure that such addresses are not used in any sensitive contexts outside of testing.

Scripts executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Description: Verify the sensitivity of the ERC20 address flagged as a potential security risk.

# Test: Search for the ERC20 address usage across the codebase. Expect: No sensitive usage.
rg --type go "0xAEf9437FF23D48D73271a41a8A094DEc9ac71477"

Length of output: 1333

Tools

Gitleaks

952-952: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

[coderabbitai]

Handle potential errors from SafeInsert method.

It is crucial to handle errors to ensure the robustness of the test setup, especially when inserting token mappings which could fail due to database issues or data validation errors.

918a919
+ s.Require().NoError(err, "Failed to insert token mapping")
943a944
+ s.Require().NoError(err, "Failed to insert token mapping")

Also applies to: 943-943