autopilot hashed sender option (3) (#1046)

x/autopilot/keeper/liquidstake.go

@@ -124,30 +124,6 @@ func (k Keeper) IBCTransferStToken(
 		channelId = hostZone.TransferChannelId
 	}
 
-	// Generate a hashed address for the sender to the next hop,
-	// to prevent impersonation at downstream zones
-	// Note: The channel ID here is different than the one used in PFM
-	// (we use the outbound channelID, they use the inbound channelID)
-	// However, the only thing that matters is that the address is obfuscated,
-	// the additional fields beyond sender just provide more collision resistance
-	hashedAddress, err := types.GenerateHashedAddress(channelId, transferMetadata.Sender)
-	if err != nil {
-		return err
-	}
-
-	// First we need to bank send to the hashed address
-	originalReceiver, err := sdk.AccAddressFromBech32(transferMetadata.Receiver)
-	if err != nil {
-		return err
-	}
-	hashedSender, err := sdk.AccAddressFromBech32(hashedAddress)
-	if err != nil {
-		return err
-	}
-	if err := k.bankKeeper.SendCoins(ctx, originalReceiver, hashedSender, sdk.NewCoins(stToken)); err != nil {
-		return err
-	}
-
 	// Use a long timeout for the transfer
 	timeoutTimestamp := uint64(ctx.BlockTime().UnixNano() + LiquidStakeForwardTransferTimeout.Nanoseconds())
 
@@ -156,7 +132,7 @@ func (k Keeper) IBCTransferStToken(
 		SourcePort:       transfertypes.PortID,
 		SourceChannel:    channelId,
 		Token:            stToken,
-		Sender:           hashedAddress,
+		Sender:           transferMetadata.Receiver,
 		Receiver:         autopilotMetadata.IbcReceiver,
 		TimeoutTimestamp: timeoutTimestamp,
 		Memo:             "autopilot-liquid-stake-and-forward",

x/autopilot/module_ibc.go

@@ -171,9 +171,27 @@ func (im IBCModule) OnRecvPacket(
 
 	//// At this point, we are officially dealing with an autopilot packet
 
-	// Modify the packet data by replacing the JSON metadata field with a receiver address
-	// to allow the packet to continue down the stack
+	// Update the reciever in the packet data so that we can pass the packet down the stack
+	// (since the "receiver" may have technically been a full JSON memo)
 	tokenPacketData.Receiver = autopilotMetadata.Receiver
+
+	// For autopilot liquid stake and forward, we'll override the receiver with a hashed address
+	// The hashed address will also be the sender of the outbound transfer
+	// This is to prevent impersonation at downstream zones
+	// We can identify the forwarding step by whether there's a non-empty IBC receiver field
+	if routingInfo, ok := autopilotMetadata.RoutingInfo.(types.StakeibcPacketMetadata); ok &&
+		routingInfo.Action == types.LiquidStake && routingInfo.IbcReceiver != "" {
+
+		var err error
+		hashedReceiver, err := types.GenerateHashedAddress(packet.DestinationChannel, tokenPacketData.Sender)
+		if err != nil {
+			return channeltypes.NewErrorAcknowledgement(err)
+		}
+		tokenPacketData.Receiver = hashedReceiver
+	}
+
+	// Now that the receiver's been updated on the transfer metadata,
+	// modify the original packet so that we can send it down the stack
 	bz, err := transfertypes.ModuleCdc.MarshalJSON(&tokenPacketData)
 	if err != nil {
 		return channeltypes.NewErrorAcknowledgement(err)