bug(ics29): fees cannot be refunded to blocked module account

[crodriguezvega]

Summary of Bug

It is possible to use a module account address as the refund address for packet incentivisation. However, this module account may be blocked and fees would still be escrowed, since SendCoinsFromAccountToModule does not check that the sender address is blocked.

The problem arises when:

• fees are escrowed from a module account that is blocked,
• if any of the fees need to be refunded, then that fails because the module account is blocked and SendCoinsFromModuleToAccount does check whether the recipient is in the blocked addresses list or not, and if it's blocked then it returns an error.

Expected Behaviour

A module account that is blocked should not be allowed to incentivize a packet.

Version

v4.0.0-rc2

Proposed solution

We should check after here in PayPacketFee in and here in PayPacketFeeAsync that the RefundAddress is not blocked and return an error otherwise.

---

For Admin Use

• Not duplicate issue
• Appropriate labels applied
• Appropriate contributors tagged/assigned

[AdityaSripal]

So basically we have to prevent a blocked address from being the escrow payer?

[colin-axner]

So basically we have to prevent a blocked address from being the escrow payer?

yes, otherwise they wouldn't be able to be refunded