-
Notifications
You must be signed in to change notification settings - Fork 297
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: check for correct signer in PFB construction #4027
Conversation
📝 Walkthrough📝 WalkthroughWalkthroughThe changes in this pull request involve modifications to the Changes
Possibly related PRs
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
Documentation and Community
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
🧹 Outside diff range and nitpick comments (2)
x/blob/types/payforblob.go (2)
46-61
: LGTM with a minor suggestion for error handling.The enhanced validation flow and parameter rename improve clarity and correctness. Consider wrapping the AccAddressFromBech32 error for better context.
signerBytes, err := sdk.AccAddressFromBech32(signer) if err != nil { - return nil, err + return nil, fmt.Errorf("invalid signer address: %w", err) }
232-240
: Consider improving readability of the validation logic.While the implementation is functionally correct, the condition could be more intuitive, and the error message could be more user-friendly.
func ValidateBlobShareVersion(signer sdk.AccAddress, blobs ...*share.Blob) error { for _, blob := range blobs { - if blob.ShareVersion() != share.ShareVersionOne && !bytes.Equal(blob.Signer(), []byte(signer)) { - return ErrInvalidBlobSigner.Wrapf("blob signer %X does not match msgPFB signer %X", blob.Signer(), signer) + // For ShareVersionOne, validate that the blob signer matches the message signer + if blob.ShareVersion() == share.ShareVersionOne && !bytes.Equal(blob.Signer(), []byte(signer)) { + return ErrInvalidBlobSigner.Wrapf( + "invalid signer for ShareVersionOne blob: expected %s, got %s", + signer.String(), + sdk.AccAddress(blob.Signer()).String(), + ) } } return nil }
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
📒 Files selected for processing (2)
pkg/user/signer.go
(0 hunks)x/blob/types/payforblob.go
(3 hunks)
💤 Files with no reviewable changes (1)
- pkg/user/signer.go
🔇 Additional comments (1)
x/blob/types/payforblob.go (1)
4-4
: LGTM: Import addition is appropriate.
The "bytes" import is correctly added and used for byte comparison in the new validation function.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
🧹 Outside diff range and nitpick comments (2)
app/test/check_tx_test.go (1)
192-203
: LGTM! Consider enhancing test readability.The test case correctly verifies that CheckTx rejects transactions where the blob's signer doesn't match the transaction signer. The implementation properly isolates the test variable by first creating a valid transaction and then modifying only the signer.
Consider adding a comment explaining the test strategy to make it more maintainable:
getTx: func() []byte { signer := createSigner(t, kr, accs[10], encCfg.TxConfig, 11) + // First create a valid blob and transaction blob, err := share.NewV1Blob(share.RandomBlobNamespace(), []byte("data"), signer.Account(accs[10]).Address()) require.NoError(t, err) blobTx, _, err := signer.CreatePayForBlobs(accs[10], []*share.Blob{blob}, opts...) require.NoError(t, err) + // Replace the blob with one that has a different signer blob, err = share.NewV1Blob(share.RandomBlobNamespace(), []byte("data"), testnode.RandomAddress().(sdk.AccAddress)) require.NoError(t, err)app/test/process_proposal_test.go (1)
324-326
: Add a comment to clarify the purpose of modifyingmsg.Signer
Modifying
msg.Signer
after creation may be non-obvious to readers. Since this test aims to simulate a message with an invalid signer, consider adding a comment to explain the intention behind overwriting theSigner
field.Apply this diff to add a clarifying comment:
msg, err := blobtypes.NewMsgPayForBlobs(falseAddr.String(), appconsts.LatestVersion, blob) require.NoError(t, err) + // Overwrite the Signer to simulate an invalid signer scenario msg.Signer = addr.String()
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
📒 Files selected for processing (3)
app/test/check_tx_test.go
(1 hunks)app/test/process_proposal_test.go
(1 hunks)x/blob/types/payforblob.go
(3 hunks)
🔇 Additional comments (3)
x/blob/types/payforblob.go (3)
46-46
: LGTM: Parameter name change improves clarity.
The rename from version
to appVersion
better reflects the parameter's purpose as the application version used in commitment creation.
52-60
: LGTM: Early signer validation enhances security.
The new validation logic properly converts and validates the signer address before proceeding with expensive operations like commitment creation. This aligns with the PR's objective to catch signer mismatches early in the transaction process.
232-240
: Document ShareVersion validation rules.
While the validation for ShareVersionOne is clear, it would be helpful to document why ShareVersionZero blobs don't require signer validation. Consider adding a comment explaining the different validation rules for each share version.
Let's verify the share version usage across the codebase:
if err := blobtypes.ValidateBlobs(blobs...); err != nil { | ||
return nil, 0, err | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is just redundant, correct?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yup, it's called below in NewMsgPayForBlobs
We already check this in `CheckTx` and `ProcessProposal`. This adds the same check to the client side construction so it errors before being submitted to the network. (the check being that the signer in the blob and the actual signer of the PFB are the same) (cherry picked from commit 55247cb)
We already check this in
CheckTx
andProcessProposal
. This adds the same check to the client side construction so it errors before being submitted to the network. (the check being that the signer in the blob and the actual signer of the PFB are the same)