From b03afbf41feb182318081547f9307356c6fc8595 Mon Sep 17 00:00:00 2001
From: yuandu
Date: Tue, 12 Sep 2023 10:52:11 +0800
Subject: [PATCH 1/3] fix: vesting account loophole
---
 CHANGELOG.md | 4 ++++
 ante/handler_options.go | 1 +
 ante/vesting.go | 31 +++++++++++++++++++++++++++++++
 3 files changed, 36 insertions(+)
 create mode 100644 ante/vesting.go
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1c006ba2f..c804352f4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -23,6 +23,10 @@
 * (IRISHub) [\#2852](https://github.com/irisnet/irishub/pull/2852) refactor: fix eip712 signature and inject ParseChainID method
 * (IRISMod) [irismod \#367](https://github.com/irisnet/irismod/pull/367) Fix rest uri conflict in mt module
+### Security
+
+* (IRISHub) [\#2865](https://github.com/irisnet/irishub/pull/2860) Disable the vesting account creation to prevent contract address front-running.
+
 ## 2.0.0
 ### State Machine Breaking
diff --git a/ante/handler_options.go b/ante/handler_options.go
index 1b02f7481..409484d83 100644
--- a/ante/handler_options.go
+++ b/ante/handler_options.go
@@ -88,6 +88,7 @@ func newCosmosAnteHandler(options HandlerOptions) sdk.AnteHandler {
 NewValidateServiceDecorator(),
 ante.NewIncrementSequenceDecorator(options.AccountKeeper),
 ibcante.NewRedundantRelayDecorator(options.IBCKeeper),
+ NewRejectVestingDecorator(),
 )
 }
diff --git a/ante/vesting.go b/ante/vesting.go
new file mode 100644
index 000000000..87861df30
--- /dev/null
+++ b/ante/vesting.go
@@ -0,0 +1,31 @@
+package ante
+
+import (
+ sdk "github.com/cosmos/cosmos-sdk/types"
+ sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
+
+ vestingtypes "github.com/cosmos/cosmos-sdk/x/auth/vesting/types"
+)
+
+// RejectVestingDecorator is responsible for rejecting the vesting msg
+type RejectVestingDecorator struct{}
+
+// NewRejectVestingDecorator returns an instance of ValidateVestingDecorator
+func NewRejectVestingDecorator() RejectVestingDecorator {
+ return RejectVestingDecorator{}
+}
+
+// AnteHandle checks the transaction
+func (vvd RejectVestingDecorator) AnteHandle(ctx sdk.Context,
+ tx sdk.Tx, simulate bool, next sdk.AnteHandler) (sdk.Context, error) {
+ for _, msg := range tx.GetMsgs() {
+ switch msg.(type) {
+ case *vestingtypes.MsgCreateVestingAccount,
+ *vestingtypes.MsgCreatePermanentLockedAccount,
+ *vestingtypes.MsgCreatePeriodicVestingAccount:
+ return ctx, sdkerrors.Wrap(sdkerrors.ErrInvalidRequest,
+ "currently doesn't support creating vesting account")
+ }
+ }
+ return next(ctx, tx, simulate)
+}
From 535c5c67ec27961eb35d54c78794754c3683676b Mon Sep 17 00:00:00 2001
From: yuandu
Date: Tue, 12 Sep 2023 10:54:21 +0800
Subject: [PATCH 2/3] chore: fix typo
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c804352f4..d2923c74d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -25,7 +25,7 @@
 ### Security
-* (IRISHub) [\#2865](https://github.com/irisnet/irishub/pull/2860) Disable the vesting account creation to prevent contract address front-running.
+* (IRISHub) [\#2865](https://github.com/irisnet/irishub/pull/2865) Disable the vesting account creation to prevent contract address front-running.
 ## 2.0.0
From 08455d5b0feca0270b6b60c6852c12fadf8c0c8d Mon Sep 17 00:00:00 2001
From: yuandu
Date: Tue, 12 Sep 2023 13:47:37 +0800
Subject: [PATCH 3/3] fix: adjust ante sequence
---
 ante/handler_options.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ante/handler_options.go b/ante/handler_options.go
index 409484d83..fdd1ba244 100644
--- a/ante/handler_options.go
+++ b/ante/handler_options.go
@@ -64,6 +64,7 @@ func newEthAnteHandler(options HandlerOptions) sdk.AnteHandler {
 func newCosmosAnteHandler(options HandlerOptions) sdk.AnteHandler {
 return sdk.ChainAnteDecorators(
 RejectMessagesDecorator{},
+ NewRejectVestingDecorator(),
 ante.NewSetUpContextDecorator(), // outermost AnteDecorator. SetUpContext must be called first
 ante.NewExtensionOptionsDecorator(options.ExtensionOptionChecker),
 ante.NewValidateBasicDecorator(),
@@ -88,7 +89,6 @@ func newCosmosAnteHandler(options HandlerOptions) sdk.AnteHandler {
 NewValidateServiceDecorator(),
 ante.NewIncrementSequenceDecorator(options.AccountKeeper),
 ibcante.NewRedundantRelayDecorator(options.IBCKeeper),
- NewRejectVestingDecorator(),
 )
 }
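Review bot: The trailing comment on `ante.NewSetUpContextDecorator()` still says SetUpContext must be called first, but after the `@@ -64,6 +64,7 @@` hunk two decorators run ahead of it in `newCosmosAnteHandler`. `RejectVestingDecorator.AnteHandle` from patch 1 only type-switches on the messages and does not read state or consume gas through `ctx`, so the order looks safe, but the list should record that constraint, e.g. `// reject decorators must stay stateless and must not consume gas; they run before SetUpContext`. The hunk header also shows `newEthAnteHandler` as a separate chain; if any other chain outside these hunks accepts Cosmos SDK messages it would need `NewRejectVestingDecorator()` as well, which cannot be confirmed from here. The middle of the decorator list lies between the two hunks and is not visible.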