chore: audit x/upgrade module (#2072)

Closes celestiaorg/celestia-app#1961

x/upgrade/README.md

@@ -2,7 +2,22 @@
 
 ## Abstract
 
-The upgrade module removes the entrypoints to the standard upgrade module by not
-registering a message server. It registers the standard upgrade module types to
-preserve the ability to marshal them. Note that the keeper of the standard
-upgrade module is still added to the application.
+This upgrade module is a fork of the cosmos-sdk's
+[x/upgrade](https://github.com/cosmos/cosmos-sdk/tree/main/x/upgrade) module
+that removes the entrypoints to the standard upgrade module by not registering a
+message server.
+
+The goal of this approach is to force social consensus to reach an upgrade
+instead of relying on token voting. It works by simply removing the ability of
+the gov module to schedule an upgrade. This way, the only way to upgrade the
+chain is to agree on the upgrade logic and the upgrade height offchain.
+
+This fork registers the standard upgrade module types to preserve the ability to
+marshal them. Additionally the keeper of the standard upgrade module is still
+added to the application.
+
+## Resources
+
+1. <https://github.com/celestiaorg/celestia-app/pull/1491>
+1. <https://docs.cosmos.network/v0.46/modules/upgrade/>
+1. <https://docs.cosmos.network/v0.46/modules/gov/>

x/upgrade/module.go

@@ -6,7 +6,7 @@ import (
 	upgradetypes "github.com/cosmos/cosmos-sdk/x/upgrade/types"
 )
 
-// TypeRegister is used to register the upgrade modules types in the encoding
+// TypeRegister is used to register the upgrade module's types in the encoding
 // config without defining an entire module.
 type TypeRegister struct{}
 

x/upgrade/test/integration_test.go

@@ -68,8 +68,7 @@ func (s *UpgradeTestSuite) SetupSuite() {
 	s.cctx = cctx
 	require.NoError(t, s.cctx.WaitForNextBlock())
 
-	// set the gov module address
-	// retrieve the gov module account via grpc
+	// Retrieve the gov module account via grpc
 	aqc := authtypes.NewQueryClient(s.cctx.GRPCClient)
 	resp, err := aqc.ModuleAccountByName(
 		s.cctx.GoContext(), &authtypes.QueryModuleAccountByNameRequest{Name: "gov"},
@@ -79,6 +78,7 @@ func (s *UpgradeTestSuite) SetupSuite() {
 	err = s.ecfg.InterfaceRegistry.UnpackAny(resp.Account, &acc)
 	s.Require().NoError(err)
 
+	// Set the gov module address
 	s.govModuleAddress = acc.GetAddress().String()
 }
 
@@ -90,6 +90,8 @@ func (s *UpgradeTestSuite) unusedAccount() string {
 	return acc
 }
 
+// TestLegacyGovUpgradeFailure verifies that a transaction with a legacy
+// software upgrade proposal fails to execute.
 func (s *UpgradeTestSuite) TestLegacyGovUpgradeFailure() {
 	t := s.T()
 
@@ -119,6 +121,8 @@ func (s *UpgradeTestSuite) TestLegacyGovUpgradeFailure() {
 	assert.Contains(t, finalResult.TxResult.Log, "no handler exists for proposal type")
 }
 
+// TestNewGovUpgradeFailure verifies that a transaction with a
+// MsgSoftwareUpgrade fails to execute.
 func (s *UpgradeTestSuite) TestNewGovUpgradeFailure() {
 	t := s.T()
 	sss := types.MsgSoftwareUpgrade{

x/upgrade/test/removal_test.go

@@ -9,6 +9,8 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+// TestRemoval verifies that no handler exists for msg-based software upgrade
+// proposals.
 func TestRemoval(t *testing.T) {
 	app, _ := testutil.SetupTestAppWithGenesisValSet(app.DefaultConsensusParams())
 	sftwrUpgrd := sdkupgradetypes.MsgSoftwareUpgrade{}