Merge v0.7.1

Merge code new

.VERSION

@@ -1 +1 @@
-v0.7.0
+v0.7.1

.github/workflows/golangci-lint.yml

@@ -1,15 +1,6 @@
 name: golangci-lint
 on:
-  push:
-    branches:
-      - dev
-      - serenity
-      - euphoria
-  pull_request:
-permissions:
-  contents: read
-  # Optional: allow read access to pull request. Use with `only-new-issues` option.
-  # pull-requests: read
+  workflow_call:
 jobs:
   golangci:
     name: lint

.github/workflows/pre-release.yml

@@ -1,60 +1,58 @@
-# This workflow is useful if you want to automate the process of:
-#
-# a) Creating a new prelease when you push a new tag with a "v" prefix (version).
-#
-#    This type of prerelease is meant to be used for production: alpha, beta, rc, etc. types of releases.
-#    After the prerelease is created, you need to make your changes on the release page at the relevant
-#    Github page and publish your release.
-#
-# b) Creating/updating the "latest" prerelease when you push to your default branch.
-#
-#    This type of prelease is useful to make your bleeding-edge binaries available to advanced users.
-#
-# The workflow will not run if there is no tag pushed with a "v" prefix and no change pushed to your 
-# default branch.
+name: pre-release
 on: 
   push:
     branches:
     - dev
-    - halo
     - serenity
     - euphoria
 
 jobs:
-  might_release:
+  test: 
+    uses: ./.github/workflows/test.yml
+
+  lint:
+    uses: ./.github/workflows/golangci-lint.yml
+
+  pre_release:
+    needs: [test, lint]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
 
-      - name: "install go"
-        uses: actions/setup-go@v3
-        with:
-          go-version: '1.19'
+      - name: Set variables
+        run: |
+          VER=$(cat .VERSION)-${{ github.head_ref || github.ref_name }}
+          echo "VERSION=$VER" >> $GITHUB_ENV
       
-      - name: "build binary"
-        run: go build -o aurad cmd/aurad/main.go
+      - uses: mukunku/[email protected]
+        id: checkTag
+        with: 
+          tag: ${{ env.VERSION }}
+
+      - name: exit
+        if: ${{ steps.checkTag.outputs.exists == 'true'}} 
+        run: |
+          echo ${{ steps.checkTag.outputs.exists }}
+          exit 1
 
-      - name: Delete the "latest" Release
+      - name: Delete the "latest" Pre-Release
         uses: dev-drprasad/[email protected]
         with:
           keep_latest: 0
-          delete_tag_pattern: ${{ github.head_ref || github.ref_name }}
+          delete_tag_pattern: .*-${{ github.head_ref || github.ref_name }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Set variables
-        run: |
-          VER=$(cat .VERSION)
-          echo "VERSION=$VER" >> $GITHUB_ENV
-        
-      - name: Publish the Release
-        uses: softprops/action-gh-release@v1
-        with:
-          tag_name: ${{ github.head_ref || github.ref_name }}_${{ env.VERSION }}
-          prerelease: true
-          target_commitish: ${{ github.head_ref || github.ref_name }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2  
+
+      - name: Publish the Pre-Release
+        run: make release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -1,49 +1,37 @@
-# This workflow is useful if you want to automate the process of:
-#
-# a) Creating a new prelease when you push a new tag with a "v" prefix (version).
-#
-#    This type of prerelease is meant to be used for production: alpha, beta, rc, etc. types of releases.
-#    After the prerelease is created, you need to make your changes on the release page at the relevant
-#    Github page and publish your release.
-#
-# b) Creating/updating the "latest" prerelease when you push to your default branch.
-#
-#    This type of prelease is useful to make your bleeding-edge binaries available to advanced users.
-#
-# The workflow will not run if there is no tag pushed with a "v" prefix and no change pushed to your 
-# default branch.
+name: release
 on: 
   push:
     branches:
     - main
 
 jobs:
-  might_release:
+  test: 
+    uses: ./.github/workflows/test.yml
+
+  lint:
+    uses: ./.github/workflows/golangci-lint.yml
+
+  release:
+    needs: [test, lint]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
 
-      - name: "install go"
-        uses: actions/setup-go@v3
-        with:
-          go-version: '1.19'
-
-      - name: "build binary"
-        run: go build -o aurad cmd/aurad/main.go
-
       - name: Set variables
         run: |
           VER=$(cat .VERSION)
           echo "VERSION=$VER" >> $GITHUB_ENV
         
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2  
+
       - name: Publish the Release
-        uses: softprops/action-gh-release@v1
-        with:
-          tag_name: aura_${{ env.VERSION }}
-          prerelease: false
-          target_commitish: ${{ github.head_ref || github.ref_name }}
+        run: make release
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test.yml

@@ -1,15 +1,6 @@
 name: go-test
 on:
-  push:
-    branches:
-      - dev
-      - serenity
-      - euphoria
-  pull_request:
-permissions:
-  contents: read
-  # Optional: allow read access to pull request. Use with `only-new-issues` option.
-  # pull-requests: read
+  workflow_call:
 jobs:
   build:
     runs-on: ubuntu-latest

.goreleaser.yaml

@@ -0,0 +1,43 @@
+before:
+  hooks:
+    - wget https://github.com/CosmWasm/wasmvm/releases/download/{{ .Env.LIBWASM_VERSION }}/libwasmvm_muslc.x86_64.a -O /lib/libwasmvm_muslc.a
+    - apk add musl-dev
+env:
+  - CGO_ENABLED=1
+builds:
+  - id: aurad-linux-amd64
+    main: ./cmd/aurad
+    binary: aurad
+    goos:
+      - linux
+    goarch:
+      - amd64
+    flags:
+      - -mod=readonly
+      - -trimpath
+    ldflags:
+      - -s -w
+      - -X github.com/cosmos/cosmos-sdk/version.Name=aura
+      - -X github.com/cosmos/cosmos-sdk/version.AppName=aurad
+      - -X github.com/cosmos/cosmos-sdk/version.Version={{ .Env.VERSION }}
+      - -X github.com/cosmos/cosmos-sdk/version.Commit={{ .Env.COMMIT }}
+      - -X github.com/cometbft/cometbft/version.TMCoreSemVer={{ .Env.BFT_VERSION }}
+      - -X github.com/cosmos/cosmos-sdk/version.BuildTags={{ .Env.BUILD_TAGS_COMMA_SEP }}
+      - -linkmode=external
+      - -extldflags '-Wl,-z,muldefs --static -lm'
+    tags:
+      - netgo
+      - muslc
+release:
+  prerelease: auto
+checksum:
+  name_template: '{{ .ProjectName }}d_{{ .Env.VERSION }}_checksums.txt'
+archives:
+  - id: binary
+    builds:
+      - aurad-linux-amd64
+    name_template: '{{ .ProjectName }}d'
+    wrap_in_directory: false
+    format: binary
+    files:
+      - none*

CHANGELOG.md

@@ -37,6 +37,14 @@ Ref: https://keepachangelog.com/en/1.0.0/
 
 ## Unreleased
 
+## [v0.7.1] - 2023-10-18
+Update smartaccount
+
+### Changes
+- Change entrypoint call verify to sudo
+- Use post handle to verify valid of tx from smartaccount
+- Verify all smartaccount nested in the authz
+
 ## [v0.7.0] - 2023-09-22
 
 Upgrade sdk to v0.47.4
@@ -140,4 +148,4 @@ Upgrade sdk to v0.47.4
 
 - Bump wasmd version to version `v0.18.0`
 - Bump cosmos-sdk to version `v0.45.5`
-- Feegrant allows to use contract address 
+- Feegrant allows to use contract address 

Makefile

@@ -7,6 +7,12 @@ PACKAGES=$(shell go list ./... | grep -v '/simulation')
 BRANCH := $(shell git rev-parse --abbrev-ref HEAD)
 COMMIT := $(shell git log -1 --format='%H')
 
+# library versions
+LIBWASM_VERSION = $(shell go list -m -f '{{ .Version }}' github.com/CosmWasm/wasmvm)
+
+# docker 
+DOCKER := $(shell which docker)
+
 # don't override user values
 ifeq (,$(VERSION))
 	VERSION := $(shell git describe --tags)
@@ -16,7 +22,6 @@ ifeq (,$(VERSION))
 	endif
 endif
 
-SDK_PACK := $(shell go list -m github.com/cosmos/cosmos-sdk | sed  's/ /\@/g')
 BFT_VERSION := $(shell go list -m github.com/cometbft/cometbft | sed 's:.* ::')
 
 BUILD_TAGS += netgo
@@ -71,6 +76,8 @@ MINIMUM_SUPPORTED_GO_MAJOR_VERSION = 1
 MINIMUM_SUPPORTED_GO_MINOR_VERSION = 19
 GO_VERSION_VALIDATION_ERR_MSG = Golang version is not supported, please update to at least $(MINIMUM_SUPPORTED_GO_MAJOR_VERSION).$(MINIMUM_SUPPORTED_GO_MINOR_VERSION)
 
+GORELEASER_VERSION = v1.20.0
+
 all: build install
 
 install: validate-go-version go.sum
@@ -86,7 +93,7 @@ go.sum: go.mod
 	@echo "--> Ensure dependencies have not been modified"
 	GO111MODULE=on go mod verify
 
-test:
+test: check-go-version
 	@go test -mod=readonly $(PACKAGES)
 
 clean:
@@ -101,4 +108,22 @@ validate-go-version: ## Validates the installed version of go against Mattermost
 	elif [ $(GO_MINOR_VERSION) -lt $(MINIMUM_SUPPORTED_GO_MINOR_VERSION) ] ; then \
 		echo '$(GO_VERSION_VALIDATION_ERR_MSG)';\
 		exit 1; \
-	fi
+	fi
+
+release:
+	git tag $(VERSION)
+	git push origin $(VERSION)
+	$(DOCKER) run \
+		--rm \
+		-e LIBWASM_VERSION=$(LIBWASM_VERSION) \
+		-e GITHUB_TOKEN="$(GITHUB_TOKEN)" \
+		-e VERSION="$(VERSION)" \
+		-e COMMIT="$(COMMIT)" \
+		-e BFT_VERSION="$(BFT_VERSION)" \
+		-e PRE_RELEASE=$(PRE_RELEASE) \
+		-e BUILD_TAGS_COMMA_SEP="$(BUILD_TAGS_COMMA_SEP)" \
+		-v /var/run/docker.sock:/var/run/docker.sock \
+		-v `pwd`:/go/src/github.com/aura-nw/aura \
+		-w /go/src/github.com/aura-nw/aura \
+		ghcr.io/goreleaser/goreleaser:$(GORELEASER_VERSION) \
+		--clean --skip-validate

README.md

@@ -1,6 +1,5 @@
 # Aura
-[![go-test](https://github.com/aura-nw/aura/actions/workflows/test.yml/badge.svg)](https://github.com/aura-nw/aura/actions/workflows/test.yml)
-[![golangci-lint](https://github.com/aura-nw/aura/actions/workflows/golangci-lint.yml/badge.svg)](https://github.com/aura-nw/aura/actions/workflows/golangci-lint.yml)
+[![Release](https://github.com/aura-nw/aura/actions/workflows/release.yml/badge.svg?branch=main)](https://github.com/aura-nw/aura/actions/workflows/release.yml)
 
 This repository contains source code for Aurad (Aura Daemon). Aurad binary is the official client for Aura Network. Aurad is built using Cosmos SDK
 

SECURITY.md

@@ -0,0 +1,29 @@
+# Security Policy
+
+At Aura Network, we take security seriously and consider it to be our utmost priority. 
+If you discover any security vulnerabilities on any products maintaining by us, please follow the following procedure to report to the Aura Network team.
+
+## Reporting Security Issues
+
+Please report security vulnerabilities to **[[email protected]](mailto:[email protected])**. Please also avoid any public discussion for security issues.
+The Aura Network team will send a response indicating the next steps in handling your report and will keep you informed of the progress.
+
+In addition, please include the following information along with your report if you can:
+
+* Your name and affiliation (if any).
+* A description of the technical details of the vulnerabilities. 
+* An explanation of who can exploit this vulnerability, and what they gain when doing so.
+* Whether this vulnerability is public or known to third parties. If it is, please provide details.
+
+## Urgent contact
+
+For any urgent contact, beside sending us email, please don't hesistate to contact our team administrators on Discord at: 
+- eledra | Aura Network#8201
+- Kien#6166
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved please submit a pull request or email **[[email protected]](mailto:[email protected])**
+
+
+Thank you for improving the security of Aura Network. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.

app/ante.go

@@ -79,6 +79,7 @@ func NewAnteHandler(options HandlerOptions) (sdk.AnteHandler, error) {
 
 		// new ante for account abstraction
 		smartaccount.NewSmartAccountDecorator(options.SmartAccountKeeper),
+		smartaccount.NewValidateAuthzTxDecorator(options.SmartAccountKeeper),
 		ante.NewIncrementSequenceDecorator(options.AccountKeeper),
 		ibcante.NewRedundantRelayDecorator(options.IBCKeeper),
 	}