rework with AuthenticationHandler instead of ActionHandler

crates/astria-core/src/protocol/abci.rs

@@ -26,6 +26,7 @@ impl AbciErrorCode {
     pub const NONCE_TAKEN: Self = Self(unsafe { NonZeroU32::new_unchecked(15) });
     pub const ACCOUNT_SIZE_LIMIT: Self = Self(unsafe { NonZeroU32::new_unchecked(16) });
     pub const PARKED_FULL: Self = Self(unsafe { NonZeroU32::new_unchecked(17) });
+    pub const AUTHORIZATION_FAILED: Self = Self(unsafe { NonZeroU32::new_unchecked(18) });
 }
 
 impl AbciErrorCode {
@@ -64,6 +65,7 @@ impl AbciErrorCode {
                 "the account has reached the maximum number of parked transactions".into()
             }
             Self::PARKED_FULL => "the mempool is out of space for more parked transactions".into(),
+            Self::AUTHORIZATION_FAILED => "the transaction failed authorization checks".into(),
             Self(other) => {
                 format!("invalid error code {other}: should be unreachable (this is a bug)")
             }

crates/astria-sequencer/src/authority/action.rs

@@ -19,7 +19,6 @@ use crate::{
         StateWriteExt as _,
     },
     ibc::StateWriteExt as _,
-    transaction::StateReadExt as _,
 };
 
 #[async_trait::async_trait]
@@ -29,17 +28,6 @@ impl ActionHandler for ValidatorUpdate {
     }
 
     async fn check_and_execute<S: StateWrite>(&self, mut state: S) -> Result<()> {
-        let from = state
-            .get_transaction_context()
-            .expect("transaction source must be present in state when executing an action")
-            .address_bytes();
-        // ensure signer is the valid `sudo` key in state
-        let sudo_address = state
-            .get_sudo_address()
-            .await
-            .wrap_err("failed to get sudo address from state")?;
-        ensure!(sudo_address == from, "signer is not the sudo key");
-
         // ensure that we're not removing the last validator or a validator
         // that doesn't exist, these both cause issues in cometBFT
         if self.power == 0 {
@@ -80,20 +68,10 @@ impl ActionHandler for SudoAddressChange {
     /// check that the signer of the transaction is the current sudo address,
     /// as only that address can change the sudo address
     async fn check_and_execute<S: StateWrite>(&self, mut state: S) -> Result<()> {
-        let from = state
-            .get_transaction_context()
-            .expect("transaction source must be present in state when executing an action")
-            .address_bytes();
         state
             .ensure_base_prefix(&self.new_address)
             .await
             .wrap_err("desired new sudo address has an unsupported prefix")?;
-        // ensure signer is the valid `sudo` key in state
-        let sudo_address = state
-            .get_sudo_address()
-            .await
-            .wrap_err("failed to get sudo address from state")?;
-        ensure!(sudo_address == from, "signer is not the sudo key");
         state
             .put_sudo_address(self.new_address)
             .wrap_err("failed to put sudo address in state")?;
@@ -108,20 +86,10 @@ impl ActionHandler for IbcSudoChange {
     }
 
     async fn check_and_execute<S: StateWrite>(&self, mut state: S) -> Result<()> {
-        let from = state
-            .get_transaction_context()
-            .expect("transaction source must be present in state when executing an action")
-            .address_bytes();
         state
             .ensure_base_prefix(&self.new_address)
             .await
             .wrap_err("desired new ibc sudo address has an unsupported prefix")?;
-        // ensure signer is the valid `sudo` key in state
-        let sudo_address = state
-            .get_sudo_address()
-            .await
-            .wrap_err("failed to get sudo address from state")?;
-        ensure!(sudo_address == from, "signer is not the sudo key");
         state
             .put_ibc_sudo_address(self.new_address)
             .wrap_err("failed to put ibc sudo address in state")?;