Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problem: sender check for MsgStoreBlockList is not in CheckTx #1613

Merged
merged 8 commits into from
Oct 8, 2024
Merged

Problem: sender check for MsgStoreBlockList is not in CheckTx #1613

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
cc638bf
Problem: no max length validation for blob msg
mmsqe Sep 30, 2024
2f594db
Merge remote-tracking branch 'origin/main' into validate_blob
mmsqe Oct 7, 2024
dd51c58
cleanup legacy msg related stuff
mmsqe Oct 7, 2024
354d043
check from
mmsqe Oct 7, 2024
e250f69
doc
mmsqe Oct 7, 2024
f7405ce
check for all
mmsqe Oct 8, 2024
8f36580
Revert "check for all"
mmsqe Oct 8, 2024
a7e864c
Merge branch 'main' into validate_blob
yihuang Oct 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
* [#1610](https://github.com/crypto-org-chain/cronos/pull/1610) Sync e2ee module with v1.3.x branch.
* [#1612](https://github.com/crypto-org-chain/cronos/pull/1612) Support ibc channel upgrade related methods.
* [#1614](https://github.com/crypto-org-chain/cronos/pull/1614) Bump cosmos-sdk to v0.50.10.
* [#1613](https://github.com/crypto-org-chain/cronos/pull/1613) Check admin sender for MsgStoreBlockList in check tx.

### Bug Fixes

Expand Down
2 changes: 1 addition & 1 deletion app/app.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1106,7 +1106,7 @@ func (app *App) setAnteHandler(txConfig client.TxConfig, maxGasWanted uint64, bl

blockedMap[addr.String()] = struct{}{}
}
blockAddressDecorator := NewBlockAddressesDecorator(blockedMap)
blockAddressDecorator := NewBlockAddressesDecorator(blockedMap, app.CronosKeeper.GetParams)
options := evmante.HandlerOptions{
AccountKeeper: app.AccountKeeper,
BankKeeper: app.BankKeeper,
Expand Down
18 changes: 17 additions & 1 deletion app/block_address.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,18 +3,26 @@
import (
"fmt"

"cosmossdk.io/errors"
sdk "github.com/cosmos/cosmos-sdk/types"
sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
"github.com/cosmos/cosmos-sdk/x/auth/signing"
"github.com/crypto-org-chain/cronos/v2/x/cronos/types"
)

// BlockAddressesDecorator block addresses from sending transactions
type BlockAddressesDecorator struct {
blockedMap map[string]struct{}
getParams func(ctx sdk.Context) types.Params
}

func NewBlockAddressesDecorator(blacklist map[string]struct{}) BlockAddressesDecorator {
func NewBlockAddressesDecorator(
blacklist map[string]struct{},
getParams func(ctx sdk.Context) types.Params,
) BlockAddressesDecorator {
return BlockAddressesDecorator{
blockedMap: blacklist,
getParams: getParams,
}
}

Expand All @@ -31,6 +39,14 @@
}
}
}
admin := bad.getParams(ctx).CronosAdmin
yihuang marked this conversation as resolved.
Show resolved Hide resolved
for _, msg := range tx.GetMsgs() {
if blocklistMsg, ok := msg.(*types.MsgStoreBlockList); ok {
if admin != blocklistMsg.From {
return ctx, errors.Wrap(sdkerrors.ErrUnauthorized, "msg sender is not authorized")

Check warning on line 46 in app/block_address.go

View check run for this annotation

Codecov / codecov/patch

app/block_address.go#L42-L46 

Added lines #L42 - L46 were not covered by tests
mmsqe marked this conversation as resolved.
Show resolved Hide resolved
}
}
}
mmsqe marked this conversation as resolved.
Show resolved Hide resolved
}
return next(ctx, tx, simulate)
}
174 changes: 3 additions & 171 deletions x/cronos/types/messages.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,15 +12,7 @@ import (
"github.com/ethereum/go-ethereum/common"
)

const (
TypeMsgConvertVouchers = "ConvertVouchers"
TypeMsgTransferTokens = "TransferTokens"
TypeMsgUpdateTokenMapping = "UpdateTokenMapping"
TypeMsgUpdateParams = "UpdateParams"
TypeMsgTurnBridge = "TurnBridge"
TypeMsgUpdatePermissions = "UpdatePermissions"
TypeMsgStoreBlockList = "StoreBlockList"
)
const TypeMsgUpdateTokenMapping = "UpdateTokenMapping"

var (
_ sdk.Msg = &MsgConvertVouchers{}
Expand All @@ -39,31 +31,6 @@ func NewMsgConvertVouchers(address string, coins sdk.Coins) *MsgConvertVouchers
}
}

// Route ...
func (msg MsgConvertVouchers) Route() string {
return RouterKey
}

// Type ...
func (msg MsgConvertVouchers) Type() string {
return TypeMsgConvertVouchers
}

// GetSigners ...
func (msg *MsgConvertVouchers) GetSigners() []sdk.AccAddress {
address, err := sdk.AccAddressFromBech32(msg.Address)
if err != nil {
panic(err)
}
return []sdk.AccAddress{address}
}

// GetSignBytes ...
func (msg *MsgConvertVouchers) GetSignBytes() []byte {
bz := ModuleCdc.MustMarshalJSON(msg)
return sdk.MustSortJSON(bz)
}

// ValidateBasic ...
func (msg *MsgConvertVouchers) ValidateBasic() error {
_, err := sdk.AccAddressFromBech32(msg.Address)
Expand All @@ -90,31 +57,6 @@ func NewMsgTransferTokens(from string, to string, coins sdk.Coins) *MsgTransferT
}
}

// Route ...
func (msg MsgTransferTokens) Route() string {
return RouterKey
}

// Type ...
func (msg MsgTransferTokens) Type() string {
return TypeMsgTransferTokens
}

// GetSigners ...
func (msg *MsgTransferTokens) GetSigners() []sdk.AccAddress {
from, err := sdk.AccAddressFromBech32(msg.From)
if err != nil {
panic(err)
}
return []sdk.AccAddress{from}
}

// GetSignBytes ...
func (msg *MsgTransferTokens) GetSignBytes() []byte {
bz := ModuleCdc.MustMarshalJSON(msg)
return sdk.MustSortJSON(bz)
}

// ValidateBasic ...
func (msg *MsgTransferTokens) ValidateBasic() error {
_, err := sdk.AccAddressFromBech32(msg.From)
Expand Down Expand Up @@ -174,22 +116,11 @@ func (msg *MsgUpdateTokenMapping) ValidateBasic() error {
return nil
}

// Route ...
func (msg MsgUpdateTokenMapping) Route() string {
return RouterKey
}

// Type ...
func (msg MsgUpdateTokenMapping) Type() string {
return TypeMsgUpdateTokenMapping
}

// GetSignBytes ...
func (msg *MsgUpdateTokenMapping) GetSignBytes() []byte {
bz := ModuleCdc.MustMarshalJSON(msg)
return sdk.MustSortJSON(bz)
}

// NewMsgTurnBridge ...
func NewMsgTurnBridge(admin string, enable bool) *MsgTurnBridge {
return &MsgTurnBridge{
Expand All @@ -198,15 +129,6 @@ func NewMsgTurnBridge(admin string, enable bool) *MsgTurnBridge {
}
}

// GetSigners ...
func (msg *MsgTurnBridge) GetSigners() []sdk.AccAddress {
sender, err := sdk.AccAddressFromBech32(msg.Sender)
if err != nil {
panic(err)
}
return []sdk.AccAddress{sender}
}

// ValidateBasic ...
func (msg *MsgTurnBridge) ValidateBasic() error {
_, err := sdk.AccAddressFromBech32(msg.Sender)
Expand All @@ -217,38 +139,13 @@ func (msg *MsgTurnBridge) ValidateBasic() error {
return nil
}

// Route ...
func (msg MsgTurnBridge) Route() string {
return RouterKey
}

// Type ...
func (msg MsgTurnBridge) Type() string {
return TypeMsgTurnBridge
}

// GetSignBytes ...
func (msg *MsgTurnBridge) GetSignBytes() []byte {
bz := ModuleCdc.MustMarshalJSON(msg)
return sdk.MustSortJSON(bz)
}

func NewMsgUpdateParams(authority string, params Params) *MsgUpdateParams {
return &MsgUpdateParams{
Authority: authority,
Params: params,
}
}

// GetSigners returns the expected signers for a MsgUpdateParams message.
func (msg *MsgUpdateParams) GetSigners() []sdk.AccAddress {
addr, err := sdk.AccAddressFromBech32(msg.Authority)
if err != nil {
panic(err)
}
return []sdk.AccAddress{addr}
}

// ValidateBasic does a sanity check on the provided data.
func (msg *MsgUpdateParams) ValidateBasic() error {
if _, err := sdk.AccAddressFromBech32(msg.Authority); err != nil {
Expand All @@ -262,22 +159,6 @@ func (msg *MsgUpdateParams) ValidateBasic() error {
return nil
}

// Route ...
func (msg MsgUpdateParams) Route() string {
return RouterKey
}

// Type ...
func (msg MsgUpdateParams) Type() string {
return TypeMsgUpdateParams
}

// GetSignBytes ...
func (msg *MsgUpdateParams) GetSignBytes() []byte {
bz := ModuleCdc.MustMarshalJSON(msg)
return sdk.MustSortJSON(bz)
}

// NewMsgUpdatePermissions ...
func NewMsgUpdatePermissions(from string, address string, permissions uint64) *MsgUpdatePermissions {
return &MsgUpdatePermissions{
Expand All @@ -287,15 +168,6 @@ func NewMsgUpdatePermissions(from string, address string, permissions uint64) *M
}
}

// GetSigners ...
func (msg *MsgUpdatePermissions) GetSigners() []sdk.AccAddress {
sender, err := sdk.AccAddressFromBech32(msg.From)
if err != nil {
panic(err)
}
return []sdk.AccAddress{sender}
}

// ValidateBasic ...
func (msg *MsgUpdatePermissions) ValidateBasic() error {
_, err := sdk.AccAddressFromBech32(msg.From)
Expand All @@ -310,22 +182,6 @@ func (msg *MsgUpdatePermissions) ValidateBasic() error {
return nil
}

// Route ...
func (msg MsgUpdatePermissions) Route() string {
return RouterKey
}

// Type ...
func (msg MsgUpdatePermissions) Type() string {
return TypeMsgUpdatePermissions
}

// GetSignBytes ...
func (msg *MsgUpdatePermissions) GetSignBytes() []byte {
bz := ModuleCdc.MustMarshalJSON(msg)
return sdk.MustSortJSON(bz)
}

func NewMsgStoreBlockList(from string, blob []byte) *MsgStoreBlockList {
return &MsgStoreBlockList{
From: from,
Expand All @@ -346,35 +202,11 @@ func (msg *MsgStoreBlockList) ValidateBasic() error {
if err != nil {
return errors.Wrapf(sdkerrors.ErrInvalidAddress, "invalid sender address (%s)", err)
}

// skip heavy operation in Decrypt by early return with errDummyIdentity in
// https://github.com/FiloSottile/age/blob/v1.1.1/age.go#L197
_, err = age.Decrypt(bytes.NewBuffer(msg.Blob), new(dummyIdentity))
if err != nil && err != errDummyIdentity {
return err
}
return nil
}

func (msg *MsgStoreBlockList) GetSigners() []sdk.AccAddress {
addr, err := sdk.AccAddressFromBech32(msg.From)
if err != nil {
panic(err)
}

return []sdk.AccAddress{addr}
}

// GetSignBytes ...
func (msg *MsgStoreBlockList) GetSignBytes() []byte {
bz := ModuleCdc.MustMarshalJSON(msg)
return sdk.MustSortJSON(bz)
}

// Route ...
func (msg MsgStoreBlockList) Route() string {
return RouterKey
}

// Type ...
func (msg MsgStoreBlockList) Type() string {
return TypeMsgStoreBlockList
}
Loading
Loading