feat: blocked addrs

[beer-1]

• Introduce sudo functions to do not block chain operations
• Retrieve account info with is_blocked

Summary by CodeRabbit

• New Features

  • Introduced the is_blocked parameter to account information retrieval, adding the ability to check if an account is blocked.
  • Added new functions for sudo operations (sudo_transfer, sudo_deposit, sudo_mint) in coin and fungible asset modules, with associated permission checks.

• Enhancements

  • Refactored account information functions to return structured AccountInfo objects.
  • Updated various modules to handle the is_blocked status, improving account management and security.

• Bug Fixes

  • Added logic to prevent depositing to blocked accounts in fungible asset transactions.

These updates enhance account management, introduce new administrative functions, and improve security by handling blocked accounts appropriately.

[coderabbitai]

Warning

Rate limit exceeded

@beer-1 has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 4 minutes and 50 seconds before requesting another review.

How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

Commits

Files that changed from the base of the PR and between 66bb8a9 and 28bfde3.

Walkthrough

This update introduces a new boolean parameter is_blocked across various files and modules, enhancing account functionality. The changes span header files, Go bindings, Rust, Move modules, and tests. The is_blocked parameter adds the capability to check whether an account is blocked, affecting account information retrieval, account creation, and transaction handling. This enhances the system’s ability to manage and enforce account restrictions.

Changes

File(s) / Group	Change Summary
api/bindings.h	Added bool* parameter to function signature within a struct.
api/callbacks.go, api/callbacks_cgo.go, api/mocks.go	Updated get_account_info_fn, GetAccountInfo, cGetAccountInfo to include bool *is_blocked parameter.
crates/compiler/src/mocks.rs, crates/e2e-move-tests/src/test_utils/mock_chain.rs	Updated AccountAPI and MockAccountAPI implementations to include bool is_blocked parameter in return tuples.
crates/natives/src/account.rs	Added bool, /* is_blocked */ to methods/functions related to account management. Updated add_new_account, native_get_account_info, and other relevant methods.
libmovevm/bindings.h	Added bool* parameter to function signature, specifically affecting logic related to sharing amounts.
libmovevm/src/api.rs	Updated GoApi_vtable and get_account_info function to handle bool is_blocked parameter and return it in the tuple.
precompile/modules/initia_stdlib/sources/account.move	Refactored get_account_info to return AccountInfo object, added is_blocked_with_info, updated native functions account_info, set_account_info, and added tests.
precompile/modules/initia_stdlib/sources/coin.move, precompile/modules/initia_stdlib/sources/fa/fungible_asset.move, precompile/modules/initia_stdlib/sources/managed_coin.move	Added new functions check_sudo, sudo_transfer, and sudo_deposit. Introduced ECANNOT_DEPOSIT_TO_BLOCKED_ACCOUNT constant, updated deposit logic to handle blocked accounts.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant GoAPI
    participant AccountService
    participant Database

    User->>GoAPI: Request Account Info
    GoAPI->>AccountService: GetAccountInfo(address)
    AccountService->>Database: FetchAccountData(address)
    Database-->>AccountService: AccountData(found, account_number, sequence, account_type, is_blocked)
    AccountService-->>GoAPI: Return(found, account_number, sequence, account_type, is_blocked)
    GoAPI-->>User: Response(found, account_number, sequence, account_type, is_blocked)

Loading

sequenceDiagram
    participant Admin
    participant BlockService
    participant AccountService
    participant Database

    Admin->>BlockService: BlockAccount(address)
    BlockService->>Database: UpdateAccountStatus(address, is_blocked=true)
    Database-->>BlockService: Confirmation
    BlockService-->>Admin: Account Blocked

Loading

Poem

The code now gleams with changes bright,
To block accounts and set them right.
With checks and balances now in place,
Ensuring smooth and safer space.
Transactions flow, and systems gleam,
A better world, a coder's dream.
🐇💻✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 7

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 89108c7 and 02b4caa.

Files selected for processing (19)

• api/bindings.h (1 hunks)
• api/callbacks.go (5 hunks)
• api/callbacks_cgo.go (2 hunks)
• api/mocks.go (2 hunks)
• crates/compiler/src/mocks.rs (1 hunks)
• crates/e2e-move-tests/src/test_utils/mock_chain.rs (4 hunks)
• crates/natives/src/account.rs (8 hunks)
• libmovevm/bindings.h (1 hunks)
• libmovevm/src/api.rs (5 hunks)
• precompile/modules/initia_stdlib/sources/account.move (7 hunks)
• precompile/modules/initia_stdlib/sources/coin.move (3 hunks)
• precompile/modules/initia_stdlib/sources/fa/fungible_asset.move (9 hunks)
• precompile/modules/initia_stdlib/sources/fa/primary_fungible_store.move (2 hunks)
• precompile/modules/initia_stdlib/sources/managed_coin.move (1 hunks)
• precompile/modules/minitia_stdlib/sources/account.move (7 hunks)
• precompile/modules/minitia_stdlib/sources/coin.move (3 hunks)
• precompile/modules/minitia_stdlib/sources/fa/fungible_asset.move (9 hunks)
• precompile/modules/minitia_stdlib/sources/fa/primary_fungible_store.move (2 hunks)
• precompile/modules/minitia_stdlib/sources/managed_coin.move (1 hunks)

Files not reviewed due to errors (2)

• precompile/modules/initia_stdlib/sources/account.move (no review received)
• precompile/modules/initia_stdlib/sources/coin.move (no review received)

Additional comments not posted (32)

crates/compiler/src/mocks.rs (1)

66-68: The addition of is_blocked to the get_account_info function aligns with the PR's objectives. Consider adding a comment explaining the significance of the is_blocked value in this context.

api/callbacks_cgo.go (1)

14-14: The addition of is_blocked to cGetAccountInfo and its gateway function is crucial for supporting the new account block status feature. Consider adding documentation for the is_blocked parameter to clarify its usage and impact.

Also applies to: 45-46

precompile/modules/initia_stdlib/sources/managed_coin.move (1)

41-68: The implementation of sudo_mint and check_sudo functions are well-constructed with necessary security checks. Consider enhancing the documentation to explain the security checks and the conditions under which these functions should be used.

precompile/modules/minitia_stdlib/sources/managed_coin.move (1)

45-48: Ensure proper access control for the check_sudo function.

api/bindings.h (1)

195-195: The addition of the is_blocked parameter to get_account_info in the API bindings is correctly implemented. Ensure that all callers of this function are updated to handle this new parameter.

libmovevm/bindings.h (1)

195-195: This change appears to be a duplicate of the one in api/bindings.h. Ensure there is no duplication of functionality or conflicting implementations between these files.

libmovevm/src/api.rs (1)

37-37: The integration of the is_blocked parameter in the get_account_info function is well-implemented. Ensure that the handling of this parameter is consistent across all API functions and that error handling is robust.

Also applies to: 106-106

Verification successful

---

The integration of the is_blocked parameter is consistent across all relevant files and functions.

• libmovevm/src/api.rs
• crates/natives/src/account.rs
• crates/e2e-move-tests/src/test_utils/mock_chain.rs
• crates/compiler/src/mocks.rs

Scripts executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Description: Verify consistent handling of `is_blocked` across all API functions.

# Test: Search for `is_blocked` usage in API functions. Expect: Consistent handling.
rg --type rust $'is_blocked'

Length of output: 1798

crates/natives/src/account.rs (5)

38-38: Addition of is_blocked parameter to AccountAPI trait.

This change enables the system to handle account status checks directly within the account info retrieval, enhancing security and control flows.

---

53-56: Expansion of test_accounts in NativeAccountContext to include is_blocked.

This extension is necessary for accurately testing the handling of blocked accounts within the system.

---

89-92: Method set_account_info now handles is_blocked.

Proper handling and testing of the blocked status of accounts are crucial, and this change facilitates that.

---

Line range hint 121-157: Updated native_get_account_info to handle is_blocked.

The inclusion of is_blocked in account information retrieval aligns with the new requirements and enhances the system's capability to manage account statuses effectively.

---

Line range hint 300-315: Enhancement of native_test_only_set_account_info to include is_blocked.

This change is vital for testing environments to accurately reflect the new account blocking functionality.

precompile/modules/minitia_stdlib/sources/account.move (2)

22-27: Addition of is_blocked to AccountInfo struct.

This change is crucial for integrating the account blocking functionality into the system, enhancing security and control mechanisms.

---

34-35: Updated account creation functions to consider is_blocked.

These updates are necessary to ensure that new accounts respect the blocked status and that the system's integrity is maintained.

Also applies to: 43-46, 58-58

precompile/modules/minitia_stdlib/sources/coin.move (3)

7-8: New imports for error handling and signer operations are correctly added.

---

23-24: The addition of minitia_std::managed_coin as a friend module supports new functionalities.

---

54-79: The additions of EUNAUTHORIZED, sudo_transfer, and sudo_deposit correctly implement the new sudo functionalities for secure coin management.

crates/e2e-move-tests/src/test_utils/mock_chain.rs (2)

258-258: Addition of is_blocked parameter to get_account_info enhances testing capabilities to reflect new account status features.

---

Line range hint 309-337: Updated MockAccountAPI structure and methods to include is_blocked status, correctly supporting new account management features.

api/callbacks.go (1)

16-16: Correctly added is_blocked parameter to API function signatures to handle new account status checks.

Also applies to: 31-31, 363-399

precompile/modules/initia_stdlib/sources/fa/primary_fungible_store.move (1)

39-39: Added initia_std::coin as a friend module to allow access to restricted functions. Ensure this change is aligned with the security model, as it grants significant privileges.

precompile/modules/minitia_stdlib/sources/fa/primary_fungible_store.move (3)

39-39: Friend declaration for minitia_std::coin is appropriate for accessing restricted functions in the coin module.

---

260-272: Ensure proper permissions for the sudo_deposit function.

Verification successful

---

Ensure proper permissions for the sudo_deposit function.

• The sudo_deposit function is marked as public(friend), which restricts its usage to specific modules within the same package. This visibility ensures that only trusted modules can call this function.
• The search results show that sudo_deposit is only called within the expected contexts in the Move files.

Scripts executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Description: Verify that the `sudo_deposit` function can only be called by the chain.
# Test: Search for calls to `sudo_deposit` outside of expected contexts.
rg --type move $'sudo_deposit'

Length of output: 58

---

---

Script:

#!/bin/bash
# Description: Verify that the `sudo_deposit` function can only be called by the chain.
# Test: Search for calls to `sudo_deposit` within Move files.
rg 'sudo_deposit' --glob '*.move'

Length of output: 1864

---

274-294: The implementation of sudo_transfer appears correct but ensure that it can only be called by the chain.

precompile/modules/initia_stdlib/sources/fa/fungible_asset.move (4)

63-64: The introduction of the constant ECANNOT_DEPOSIT_TO_BLOCKED_ACCOUNT is aligned with the PR's objective to handle blocked accounts.

---

601-607: Repeating the logic to prevent deposits to blocked accounts in deposit_with_ref ensures consistency across different deposit methods. Double-check that this does not introduce redundancy that could be refactored.
[REFACTOR_SUGGESTion]
Consider abstracting the blocked account check into a separate function to avoid code duplication across different deposit functions.

---

457-462: The addition of a check to prevent deposits to blocked accounts is crucial for security and compliance. Ensure that the function is_blocked_store_addr is correctly implemented and tested.

---

637-647: Similarly, sudo_deposit allows for administrative control over deposits, which is a powerful feature that needs to be tightly controlled.

Verify that this function can only be called by authorized entities to prevent potential misuse.

Verification successful

---

The sudo_deposit function is defined with the public(friend) visibility modifier in multiple files, which restricts its access to modules within the same address space. This visibility ensures that only authorized modules can call this function.

• precompile/modules/initia_stdlib/sources/coin.move
• precompile/modules/minitia_stdlib/sources/coin.move
• precompile/modules/minitia_stdlib/sources/fa/primary_fungible_store.move
• precompile/modules/minitia_stdlib/sources/fa/fungible_asset.move
• precompile/modules/initia_stdlib/sources/fa/primary_fungible_store.move
• precompile/modules/initia_stdlib/sources/fa/fungible_asset.move

Given this context, the public(friend) visibility modifier already ensures that only authorized entities within the same address space can call sudo_deposit.

Scripts executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Description: Verify that `sudo_deposit` can only be called by authorized entities.

# Test: Search for permission checks around the usage of `sudo_deposit`.
rg --type move $'sudo_deposit'

Length of output: 58

---

---

Script:

#!/bin/bash
# Description: Verify that `sudo_deposit` can only be called by authorized entities.

# Test: Search for the definition of `sudo_deposit` and its usage across the codebase.
rg 'sudo_deposit' --glob '*.move'

Length of output: 1864

---

---

Script:

#!/bin/bash
# Description: Extract the definitions of the `sudo_deposit` function to understand their context.

# Extract the `sudo_deposit` function definitions from the identified files.
ast-grep --lang move --pattern 'public(friend) fun sudo_deposit($_, $_) { $$$ }' --json

Length of output: 198

---

---

Script:

#!/bin/bash
# Description: Search for the `sudo_deposit` function definitions with the `public(friend)` visibility modifier.

# Search for the `sudo_deposit` function definitions with the `public(friend)` visibility modifier.
rg 'public\(friend\) fun sudo_deposit' --glob '*.move'

Length of output: 1023

precompile/modules/minitia_stdlib/sources/fa/fungible_asset.move (4)

63-64: The addition of the constant ECANNOT_DEPOSIT_TO_BLOCKED_ACCOUNT is aligned with the PR's goal to handle blocked accounts. Ensure that this constant is used consistently across all relevant functions.

---

1102-1122: The test case test_deposit_blocked_account checks the behavior of depositing into a blocked account. It's crucial to ensure that this test case and similar ones are part of a continuous integration pipeline to prevent regressions in the handling of blocked accounts.

---

1124-1144: Similarly, test_deposit_blocked_account_with_ref should be part of regular testing routines. This ensures that even with reference-based operations, blocked accounts are handled correctly.

---

623-635: The sudo_transfer function is introduced to allow privileged transfers by the chain. This is a critical function, and it's important to ensure that it is thoroughly tested, especially since it bypasses certain checks like frozen status.

[coderabbitai]

The sudo_deposit function correctly implements the logic to deposit assets into an account's primary store. However, consider handling errors or exceptions that may arise from account::create_account or fungible_asset::sudo_deposit.

To improve robustness, wrap these operations in a try-catch block and handle potential exceptions appropriately.

[coderabbitai]

The sudo_transfer function is well-implemented, ensuring both sender and recipient stores exist before executing the transfer. However, consider adding logging for audit purposes, especially since this operation involves asset transfers which are critical operations.

Add logging statements before and after the transfer to facilitate tracking and auditing of these operations.

[coderabbitai]

The introduction of sudo_transfer as a chain-specific administrative function is a significant addition. It allows bypassing certain checks which could be dangerous if not properly secured.

Ensure that appropriate permissions checks are in place to prevent unauthorized use of this function.

[coderabbitai]

The logic to prevent deposits to blocked accounts is correctly implemented. However, consider adding a detailed comment explaining the is_blocked_store_addr function for clarity.

+        // Check if the store address is associated with a blocked account
         assert!(
             !is_blocked_store_addr(store_addr),
             error::invalid_argument(ECANNOT_DEPOSIT_TO_BLOCKED_ACCOUNT)
         );

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// cannot deposit to blocked account
	let store_addr = object::object_address(store);
	assert!(
	!is_blocked_store_addr(store_addr),
	error::invalid_argument(ECANNOT_DEPOSIT_TO_BLOCKED_ACCOUNT)
	);
	// cannot deposit to blocked account
	let store_addr = object::object_address(store);
	// Check if the store address is associated with a blocked account
	assert!(
	!is_blocked_store_addr(store_addr),
	error::invalid_argument(ECANNOT_DEPOSIT_TO_BLOCKED_ACCOUNT)
	);

[coderabbitai]

The updated return values of GetAccountInfo correctly include the is_blocked status. Ensure there are unit tests covering scenarios where an account is blocked and not blocked.

Would you like me to help create these unit tests?

Also applies to: 156-162

[coderabbitai]

Tip

Codebase Verification

The search did not return any results indicating that the sudo_deposit function is covered by tests. This suggests that there may be insufficient test coverage for this function.

• Ensure that the sudo_deposit function is covered by comprehensive tests.

Analysis chain

The sudo_deposit function complements sudo_transfer by allowing deposits in a privileged context. Ensure that this function is also covered by comprehensive tests.

Scripts executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Description: Verify thorough testing of `sudo_deposit` function.

# Test: Search for test cases involving `sudo_deposit`. Expect: Multiple test cases covering various scenarios.
rg --type move $'sudo_deposit'

Length of output: 58

---

---

Script:

#!/bin/bash
# Description: Verify thorough testing of `sudo_deposit` function.

# Test: Search for test cases involving `sudo_deposit`. Expect: Multiple test cases covering various scenarios.
rg 'sudo_deposit'

Length of output: 1848

---

---

Script:

#!/bin/bash
# Description: Verify thorough testing of `sudo_deposit` function.

# Step 1: Identify test files (assuming test files contain 'test' in their filename or are in a 'tests' directory)
test_files=$(fd --type f --name '*test*.move' || fd --type f --glob 'tests/**/*.move')

# Step 2: Search for `sudo_deposit` within identified test files
if [ -n "$test_files" ]; then
  rg 'sudo_deposit' $test_files
else
  echo "No test files found."
fi

Length of output: 407

---

---

Script:

#!/bin/bash
# Description: Verify thorough testing of `sudo_deposit` function.

# Step 1: Identify test files (assuming test files contain 'test' in their filename or are in a 'tests' directory)
test_files=$(fd --type f --glob '**/*test*.move' || fd --type f --glob 'tests/**/*.move')

# Step 2: Search for `sudo_deposit` within identified test files
if [ -n "$test_files" ]; then
  rg 'sudo_deposit' $test_files
else
  echo "No test files found."
fi

Length of output: 3002

[coderabbitai]

Tip

Codebase Verification

The search results indicate that there are no direct or indirect test cases covering the sudo_mint function in the codebase. Comprehensive testing, especially for error paths, is essential to ensure the robustness of this function.

• Please add test cases for the sudo_mint function, covering both successful and error scenarios.

Analysis chain

The implementation of sudo_mint appears correct and adheres to the principles of access control and resource management. However, ensure comprehensive testing, especially for error paths.

Scripts executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Description: Verify comprehensive testing for `sudo_mint`.

# Test: Search for test cases involving `sudo_mint`. Expect: Tests covering both successful and error paths.
rg --type move $'sudo_mint'

Length of output: 55

---

---

Script:

#!/bin/bash
# Locate all .move files to understand the directory structure.
fd --extension move

Length of output: 7985

---

---

Script:

#!/bin/bash
# Search for test cases involving `sudo_mint` in identified .move files.
rg 'sudo_mint' precompile/modules/tests/sources/

Length of output: 48

---

---

Script:

#!/bin/bash
# Search for references to `sudo_mint` in all .move files to identify any indirect test coverage.
rg 'sudo_mint' --glob '**/*.move'

Length of output: 216

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 02b4caa and 66bb8a9.

Files selected for processing (2)

• precompile/modules/initia_stdlib/sources/coin.move (3 hunks)
• precompile/modules/initia_stdlib/sources/staking.move (2 hunks)

Files skipped from review as they are similar to previous changes (1)

• precompile/modules/initia_stdlib/sources/coin.move

Additional comments not posted (2)

precompile/modules/initia_stdlib/sources/staking.move (2)

678-679: Consider using a well-defined constant for the module address instead of hardcoding @relayer.
[REFACTOR_SUGGESTion]
Using a constant for addresses like @relayer increases code maintainability and reduces the risk of errors if the address needs to be changed in the future. You could define a constant at the beginning of your module:

const RELAYER_ADDRESS: address = @relayer;

Then replace @relayer with RELAYER_ADDRESS throughout your code.

---

908-910: Ensure that the use of sudo_deposit adheres to security best practices.

The sudo_deposit function appears to perform a critical operation related to asset transfer. It's crucial to ensure that this operation is secured against unauthorized access. Consider implementing additional checks to verify that the @relayer address has the appropriate permissions to perform this operation.

[sh-cha]

LGTM