Skip to content

Instantly share code, notes, and snippets.

@zmanian

zmanian/ICS-20-authz.md

Created September 19, 2022 05:05
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save zmanian/719cd3423b84fc382cd04fcf1d7d2a2c to your computer and use it in GitHub Desktop.
Save zmanian/719cd3423b84fc382cd04fcf1d7d2a2c to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ICS-20-authz.md

x# AuthZ for IBC ICS-20

Context

The Cosmos SDK provides send authorizations which can delegate the authority via AuthZ to send from an account to an allow list and with a limit. This specification describes a similar system for ICS-20.

Implementation Details

  • This should be implemented as a pull request again IBC go by adding an new authz message type.
  • The allow list for ICS-20 send must restricted to (address, channel, spend limit). Ie. It’s only secure if a specific destination address is authorized on a specific channel. Without this constraint, the authorization can be subverted by building a malicious IBC connected chain similar to the Evmos IBC airdrop claim security vulnerability.
  • The implementation should follow the pattern from bank modules authz implementation. It should add DispatchActions ,SaveGrant,DeleteGrant,GetAuthorization and IterateGrants to keeper.go in the transfer module.

Use cases

Adding the authorizations to ICS-20 enables new use cases for ICS-20 like rebalancing assets between chains.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment