x# AuthZ for IBC ICS-20
The Cosmos SDK provides send authorizations which can delegate the authority via AuthZ to send from an account to an allow list and with a limit. This specification describes a similar system for ICS-20.
- This should be implemented as a pull request again IBC go by adding an new authz message type.
- The allow list for ICS-20 send must restricted to (address, channel, spend limit). Ie. It’s only secure if a specific destination address is authorized on a specific channel. Without this constraint, the authorization can be subverted by building a malicious IBC connected chain similar to the Evmos IBC airdrop claim security vulnerability.
- The implementation should follow the pattern from bank modules authz implementation. It should add
DispatchActions
,SaveGrant
,DeleteGrant
,GetAuthorization
andIterateGrants
tokeeper.go
in the transfer module.
Adding the authorizations to ICS-20 enables new use cases for ICS-20 like rebalancing assets between chains.