feat: add duration param to approve method

[arrivets]

Adds the duration parameter to the approve methods.
This is expressed in seconds to add to the current block time

Summary by CodeRabbit

• New Features

  • Added time-based authorization duration to the approve function
  • Enhanced approval functionality with expiration control

• Documentation

  • Improved clarity of documentation comments for approve and allowance functions
  • Added explanatory comments for new duration parameter

• Refactor

  • Updated method signatures across multiple contracts to support time-limited authorizations

[coderabbitai]

Walkthrough

The changes involve adding a new duration parameter to the approve function across multiple Solidity contracts and interfaces related to the Exchange module. This modification allows specifying a time period for authorization, expanding the functionality of the approval mechanism. The changes are consistent across Exchange.sol, ExchangeProxy.sol, and ExchangeTest.sol, updating function signatures and internal logic to support the new duration-based authorization feature.

Changes

File	Change Summary
Exchange.sol	- Updated documentation comments for clarity - Added duration parameter to approve function signature - Modified allowance function documentation
ExchangeProxy.sol	- Updated approve function signature to include duration - Modified internal exchange.approve function call to pass duration
ExchangeTest.sol	- Added duration parameter to approve function - Updated exchange.approve function call with duration parameter

Sequence Diagram

sequenceDiagram
    participant Caller
    participant ExchangeProxy
    participant Exchange
    
    Caller->>ExchangeProxy: approve(msgType, spendLimit, duration)
    ExchangeProxy->>Exchange: approve(address, methods, spendLimit, duration)
    Exchange-->>ExchangeProxy: authorization result
    ExchangeProxy-->>Caller: success status

Loading

Poem

🐰 A Rabbit's Ode to Timed Approvals 🕒

With duration's new embrace,
Approvals dance with temporal grace
Seconds tick, permissions flow
Blockchain's rhythm starts to grow
Hop along, smart contract's might!

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🔭 Outside diff range comments (1)

ExchangeProxy.sol (1)

Line range hint 16-30: Add duration parameter validation and specific error handling.

The implementation should validate the duration parameter and handle duration-specific errors separately.

     function approve(
         ExchangeTypes.MsgType msgType,
         Cosmos.Coin[] memory spendLimit,
         uint256 duration
     ) external returns (bool success) {
+        require(duration > 0, "Duration must be greater than 0");
+        require(duration <= 365 days, "Duration cannot exceed 365 days");
+
         ExchangeTypes.MsgType[] memory methods = new ExchangeTypes.MsgType[](1);
         methods[0] = msgType;
         
         try exchange.approve(address(this), methods, spendLimit, duration) returns (bool approved) {
             return approved;
         } catch Error(string memory reason) {
+            if (bytes(reason).length > 0) {
+                revert(reason);
+            }
             revert("error approving msg with spend limit");
         }
     }

🧹 Nitpick comments (1)

Exchange.sol (1)

13-22: Add validation hints for the duration parameter.

The documentation should specify:

• Whether duration is relative to current block time
• Any minimum/maximum constraints on the duration value
• What happens when duration expires (e.g., automatic revocation)

   /// @dev Approves a list of Cosmos messages.
   /// @param grantee The account address which will be authorized to spend the origin's funds.
   /// @param methods The message type URLs of the methods to approve.
   /// @param spendLimit The spend limit for the methods.
-  /// @param duration The time period for which the authorization is valid (in seconds).
+  /// @param duration The time period in seconds, added to current block time, for which the authorization remains valid.
+  ///                 Must be greater than 0 and less than MAX_DURATION (e.g., 365 days).
+  ///                 The authorization is automatically revoked after expiration.
   /// @return approved Boolean value to indicate if the approval was successful.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 71abc13 and 7958a56.

📒 Files selected for processing (3)

• Exchange.sol (2 hunks)
• ExchangeProxy.sol (1 hunks)
• ExchangeTest.sol (1 hunks)

[coderabbitai]

💡 Codebase verification

Test coverage for duration parameter is missing and poses security risks

The codebase analysis confirms there are no test cases covering the duration parameter in the approval mechanism. This is a security concern as it leaves authorization expiration and validation untested.

Required test coverage:

• Authorization expiration scenarios
• Invalid duration values (zero, negative, extremely large)
• Attempts to use expired authorizations
• Edge cases around duration boundaries

🔗 Analysis chain

Add test coverage for duration parameter scenarios.

The test implementation should include test cases for:

• Valid and invalid duration values
• Authorization expiration
• Behavior when using expired authorizations

Run this script to check current test coverage:

Would you like me to generate comprehensive test cases for the duration parameter?

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check test coverage for duration parameter

# Look for test cases related to duration
rg -l "test.*duration" 
rg -l "test.*expir"

# Look for duration validation tests
rg -l "test.*invalid.*duration"

Length of output: 80

---

Script:

#!/bin/bash
# Find all test files
echo "=== Test Files ==="
fd -e sol -e js -e ts ".*[tT]est.*"

echo -e "\n=== Approve Tests ==="
# Search for approve function tests with context
rg -A 10 "function.*test.*approve" 

echo -e "\n=== Duration Usage ==="
# Look for duration parameter usage in tests
rg "duration.*approve|approve.*duration"

Length of output: 538