fix: limit tokenfactory changeadmin with page requests & index it properly

[Thaleszh]

Description

Limit tokenfactory changeadmin with page requests & index it properly

Type of change

• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

Added new tests for page request and for

PR Checklist:

Make sure each step was done:

• Updated changelog with PR's intent
• Lint with make lint-fix

[coderabbitai]

Warning

Rate limit exceeded

@Thaleszh has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 57 minutes and 18 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 57 minutes and 18 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7f5ada19-25d8-4202-8a35-69bc5781e0e4

📥 Commits

Reviewing files that changed from the base of the PR and between 7689cd3 and 9585048.

📒 Files selected for processing (1)

• x/tokenfactory/keeper/creators.go

Walkthrough

Adds pagination to tokenfactory denom queries (creator/admin) at proto, gRPC, CLI, and keeper layers; introduces an admin secondary index with add/remove helpers and accessor, and updates keeper query implementations to paginate using the index. Adds a v2 store migration to populate the admin index, tests for pagination and migration, bumps the tokenfactory consensus version to 2, and registers a v7.2.0 upgrade handler and upgrade metadata. Also updates CHANGELOG and wiring in app upgrades to use v7_2.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 57.14% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding pagination (page requests) to tokenfactory queries and implementing proper admin indexing to mitigate denial-of-service vulnerabilities.
Description check	✅ Passed	The description is related to the changeset, mentioning pagination and indexing as well as testing and changelog updates that align with the actual modifications across multiple files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/limit-tokenfactory-changeadmin

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

❌ Patch coverage is 2.27273% with 86 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
x/tokenfactory/keeper/admins.go	0.00%	28 Missing ⚠️
x/tokenfactory/keeper/creators.go	0.00%	16 Missing ⚠️
x/tokenfactory/migrations/v2/migrate.go	0.00%	13 Missing ⚠️
x/tokenfactory/client/cli/query.go	16.66%	10 Missing ⚠️
x/tokenfactory/keeper/grpc_query.go	0.00%	6 Missing ⚠️
x/tokenfactory/module.go	0.00%	3 Missing and 1 partial ⚠️
wasmbinding/tokenfactory/queries.go	0.00%	3 Missing ⚠️
x/tokenfactory/keeper/keeper.go	0.00%	3 Missing ⚠️
x/tokenfactory/types/keys.go	0.00%	2 Missing ⚠️
x/tokenfactory/simulation/operations.go	0.00%	1 Missing ⚠️

📢 Thoughts on this report? Let us know!

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

app/app.go (1)

71-82: ⚠️ Potential issue | 🟠 Major

Keep older upgrade handlers registered.

Upgrades is the source for both setupUpgradeHandlers() and setupUpgradeStoreLoaders(). Replacing the previous entry with only v7_2.Upgrade means this binary no longer knows about earlier upgrade plans, which can break replay or restore from states that have not crossed them yet.

🔧 Suggested fix

+	v7_1_mainnet "github.com/kiichain/kiichain/v7/app/upgrades/v7_1_mainnet"
 	v7_2 "github.com/kiichain/kiichain/v7/app/upgrades/v7_2"
@@
 	Upgrades = []upgrades.Upgrade{
+		v7_1_mainnet.Upgrade,
 		v7_2.Upgrade,
 	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@app/app.go` around lines 71 - 82, The Upgrades slice currently only contains
v7_2.Upgrade which removes prior upgrade handlers used by setupUpgradeHandlers()
and setupUpgradeStoreLoaders(); restore the previous upgrade entries instead of
replacing them by adding back the earlier upgrade variables (e.g., previous
v*_*.Upgrade identifiers that were present before v7_2) into the Upgrades =
[]upgrades.Upgrade{ ... } list alongside v7_2.Upgrade so all historical upgrades
remain registered and available to the upgrade setup functions.

🧹 Nitpick comments (1)

x/tokenfactory/keeper/admins_test.go (1)

608-617: Assert the follow-up page too.

These checks stop at NextKey != nil. Fetching the next page and verifying the combined result set would catch broken cursor handling, duplicates, and skipped denoms.

Also applies to: 644-652

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@x/tokenfactory/keeper/admins_test.go` around lines 608 - 617, The test stops
after asserting Pagination.NextKey is set but doesn't fetch the follow-up page;
update the test to call suite.queryClient.DenomsFromAdmin again using
QueryDenomsFromAdminRequest with Pagination.Key set to the returned
res.Pagination.NextKey, assert NoError, append/merge the second page results
with the first, and then assert the combined result count matches the expected
total and contains no duplicates (e.g., by checking unique denom count); apply
the same follow-up-page fetch/assert pattern to the other assertion block that
mirrors this test.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@wasmbinding/tokenfactory/queries.go`:
- Around line 138-141: The current call to
tokenFactoryKeeper.GetDenomsFromCreator in the wasm binding (passing nil
pagination) triggers an unbounded full scan; update the wasm query to accept and
forward a pagination parameter (e.g., a PageRequest from the query payload) and
pass it to GetDenomsFromCreator, and update the response shape
(DenomsByCreatorResponse) to include pagination fields so callers can page
results; if you prefer a temporary fix instead, enforce an explicit cap when
calling GetDenomsFromCreator (e.g., set a safe PageRequest limit) and document
in the wasm query handler and API docs that results may be truncated when the
limit is hit.

In `@x/tokenfactory/keeper/admins.go`:
- Around line 83-101: GetDenomsFromAdmin currently only rejects requests whose
req.Limit > types.MaxPageSize but treats a nil req (or req with zero limit) as
"no cap" and returns the full index; fix by normalizing the pagination request
before calling query.Paginate: if req is nil create a local query.PageRequest
with Limit = types.MaxPageSize (and default Offset/Key/CountTotal as needed),
and if req.Limit == 0 set it to types.MaxPageSize; then validate the (possibly
adjusted) Limit against types.MaxPageSize and pass that normalized request into
query.Paginate so nil/zero pagination cannot bypass the cap.

In `@x/tokenfactory/keeper/creators.go`:
- Around line 23-39: GetDenomsFromCreator currently only validates MaxPageSize
when req != nil, allowing an unbounded result when pagination is omitted; fix by
normalizing the page request before calling query.Paginate: create a local
pageReq variable = req, and if pageReq == nil set it to
&query.PageRequest{Limit: types.MaxPageSize}; keep the existing validation that
returns an error if pageReq.Limit > types.MaxPageSize, then pass pageReq to
query.Paginate(store, pageReq, ...). Apply the same change to the analogous
function in admins.go (the admin pagination routine) so both
GetDenomsFromCreator and the admin list use a default capped PageRequest and
cannot return unbounded results.

---

Outside diff comments:
In `@app/app.go`:
- Around line 71-82: The Upgrades slice currently only contains v7_2.Upgrade
which removes prior upgrade handlers used by setupUpgradeHandlers() and
setupUpgradeStoreLoaders(); restore the previous upgrade entries instead of
replacing them by adding back the earlier upgrade variables (e.g., previous
v*_*.Upgrade identifiers that were present before v7_2) into the Upgrades =
[]upgrades.Upgrade{ ... } list alongside v7_2.Upgrade so all historical upgrades
remain registered and available to the upgrade setup functions.

---

Nitpick comments:
In `@x/tokenfactory/keeper/admins_test.go`:
- Around line 608-617: The test stops after asserting Pagination.NextKey is set
but doesn't fetch the follow-up page; update the test to call
suite.queryClient.DenomsFromAdmin again using QueryDenomsFromAdminRequest with
Pagination.Key set to the returned res.Pagination.NextKey, assert NoError,
append/merge the second page results with the first, and then assert the
combined result count matches the expected total and contains no duplicates
(e.g., by checking unique denom count); apply the same follow-up-page
fetch/assert pattern to the other assertion block that mirrors this test.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 36409e24-9039-4713-b172-914358050aee

📥 Commits

Reviewing files that changed from the base of the PR and between 09193f4 and 020cf4b.

⛔ Files ignored due to path filters (2)

• x/tokenfactory/types/query.pb.go is excluded by !**/*.pb.go
• x/tokenfactory/types/query.pb.gw.go is excluded by !**/*.pb.gw.go

📒 Files selected for processing (16)

• CHANGELOG.md
• app/app.go
• app/upgrades/v7_2/constants.go
• app/upgrades/v7_2/upgrade.go
• proto/kiichain/tokenfactory/v1beta1/query.proto
• wasmbinding/tokenfactory/queries.go
• x/tokenfactory/client/cli/query.go
• x/tokenfactory/keeper/admins.go
• x/tokenfactory/keeper/admins_test.go
• x/tokenfactory/keeper/creators.go
• x/tokenfactory/keeper/grpc_query.go
• x/tokenfactory/keeper/keeper.go
• x/tokenfactory/migrations/v2/migrate.go
• x/tokenfactory/module.go
• x/tokenfactory/simulation/operations.go
• x/tokenfactory/types/keys.go

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@x/tokenfactory/migrations/v2/migrate.go`:
- Around line 24-30: The loop currently fetches authority metadata via
GetAuthorityMetadata and always calls AddDenomFromAdmin which can write an entry
under an empty admin; after retrieving metadata (the variable metadata from
GetAuthorityMetadata) add a guard that skips calling AddDenomFromAdmin when
metadata is zero-valued or metadata.Admin is empty/zero (e.g., metadata.Admin ==
"" or equivalent zero address check for your Admin type), effectively continue
to the next denom so you don't insert denoms under an empty admin key.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5549c3db-fc04-4689-9c2d-a9c81a62060a

📥 Commits

Reviewing files that changed from the base of the PR and between 0b2ab48 and 7689cd3.

📒 Files selected for processing (1)

• x/tokenfactory/migrations/v2/migrate.go