fix(ibc-hooks): safely construct JSON message using Go struct and json.Marshal

[odaysec]

This pull request addresses a potential security on issue #277 and reliability issue related to manual JSON string construction with interpolated, user-controlled values. Previously, the OnAcknowledgementPacketOverride method built the sudoMsg JSON payload using fmt.Sprintf, directly interpolating the ackAsJson value into a JSON string. This approach risks incorrect JSON formatting and potential injection vulnerabilities.

Changes

• Replaced manual JSON string construction with a structured approach.
• Introduced a Go struct representing the message payload.
• Used json.Marshal to safely encode the struct into JSON, ensuring proper escaping and quoting of all fields.

This change improves code safety, maintainability, and ensures compliance with Go’s best practices for JSON handling.

Affected Area

• ibc-apps/modules/ibc-hooks/wasm_hook.go

  Lines 307 to 309 in 5596e0a

  	sudoMsg := []byte(fmt.Sprintf(
  	`{"ibc_lifecycle_complete": {"ibc_ack": {"channel": "%s", "sequence": %d, "ack": %s, "success": %s}}}`,
  	packet.SourceChannel, packet.Sequence, ackAsJson, success))

  specifically the OnAcknowledgementPacketOverride method.

[odaysec]

/cc @gjermundgaraba. I kindly request that you urgently consider merging this pull request at your earliest convenience.