PundiAI · zakir-code · Oct 14, 2024 · Oct 13, 2024 · coderabbitai · Oct 13, 2024
diff --git a/x/crosschain/keeper/abci.go b/x/crosschain/keeper/abci.go
@@ -38,10 +38,7 @@ func (k Keeper) isNeedOracleSetRequest(ctx sdk.Context) (*types.OracleSet, bool)
 	}
 	// 3. Power diff
 	powerDiff := fmt.Sprintf("%.8f", types.BridgeValidators(currentOracleSet.Members).PowerDiff(latestOracleSet.Members))
-	powerDiffDec, err := sdkmath.LegacyNewDecFromStr(powerDiff)
-	if err != nil {
-		panic(fmt.Errorf("covert power diff to dec err, powerDiff: %v, err: %w", powerDiff, err))
-	}
+	powerDiffDec := sdkmath.LegacyMustNewDecFromStr(powerDiff)
 
 	oracleSetUpdatePowerChangePercent := k.GetOracleSetUpdatePowerChangePercent(ctx)
 	if oracleSetUpdatePowerChangePercent.GT(sdkmath.LegacyOneDec()) {
@@ -163,33 +160,35 @@ func (k Keeper) bridgeCallSlashing(ctx sdk.Context, oracles types.Oracles, signe
 //	here is the Ethereum block height at the time of the last SendToExternal or SendToFx to be observed. It's very important we do not
 //	project, if we do a slowdown on ethereum could cause a double spend. Instead timeouts will *only* occur after the timeout period
 //	AND any deposit or withdraw has occurred to update the Ethereum block height.
-func (k Keeper) cleanupTimedOutBatches(ctx sdk.Context) {
+func (k Keeper) cleanupTimedOutBatches(ctx sdk.Context) (err error) {
 	externalBlockHeight := k.GetLastObservedBlockHeight(ctx).ExternalBlockHeight
 	k.IterateOutgoingTxBatches(ctx, func(batch *types.OutgoingTxBatch) bool {
 		if batch.BatchTimeout < externalBlockHeight {
-			if err := k.RefundOutgoingTxBatch(ctx, batch.TokenContract, batch.BatchNonce); err != nil {
-				panic(fmt.Sprintf("Failed cancel out batch %s %d while trying to execute failed: %s", batch.TokenContract, batch.BatchNonce, err))
+			if err = k.RefundOutgoingTxBatch(ctx, batch.TokenContract, batch.BatchNonce); err != nil {
+				return true
 			}
 		}
 		return false
 	})
+	return err
 }
 
-func (k Keeper) cleanupTimeOutBridgeCall(ctx sdk.Context) {
+func (k Keeper) cleanupTimeOutBridgeCall(ctx sdk.Context) (err error) {
 	externalBlockHeight := k.GetLastObservedBlockHeight(ctx).ExternalBlockHeight
 	k.IterateOutgoingBridgeCalls(ctx, func(data *types.OutgoingBridgeCall) bool {
 		if data.Timeout > externalBlockHeight {
 			return true
 		}
 		// 1. handler bridge call refund
-		if err := k.RefundOutgoingBridgeCall(ctx, data); err != nil {
-			panic(fmt.Sprintf("failed cancel out bridge call %d while trying to execute failed: %s", data.Nonce, err))
+		if err = k.RefundOutgoingBridgeCall(ctx, data); err != nil {
+			return true
 		}
 
 		// 2. delete bridge call
 		k.DeleteOutgoingBridgeCallRecord(ctx, data.Nonce)
 		return false
 	})
+	return err
 }
 
 func (k Keeper) pruneOracleSet(ctx sdk.Context, signedOracleSetsWindow uint64) {

diff --git a/x/crosschain/keeper/attestation.go b/x/crosschain/keeper/attestation.go
@@ -46,7 +46,9 @@ func (k Keeper) Attest(ctx sdk.Context, oracleAddr sdk.AccAddress, claim types.E
 	k.SetAttestation(ctx, claim.GetEventNonce(), claim.ClaimHash(), att)
 
 	if !att.Observed && claim.GetEventNonce() == k.GetLastObservedEventNonce(ctx)+1 {
-		k.TryAttestation(ctx, att, claim)
+		if err = k.TryAttestation(ctx, att, claim); err != nil {
+			return nil, err
+		}
 	}
 
 	ctx = ctx.WithGasMeter(gasMeter)
@@ -59,7 +61,7 @@ func (k Keeper) Attest(ctx sdk.Context, oracleAddr sdk.AccAddress, claim types.E
 // TryAttestation checks if an attestation has enough votes to be applied to the consensus state
 // and has not already been marked Observed, then calls processAttestation to actually apply it to the state,
 // and then marks it Observed and emits an event.
-func (k Keeper) TryAttestation(ctx sdk.Context, att *types.Attestation, claim types.ExternalClaim) {
+func (k Keeper) TryAttestation(ctx sdk.Context, att *types.Attestation, claim types.ExternalClaim) error {
 	// If the attestation has not yet been Observed, sum up the votes and see if it is ready to apply to the state.
 	// This conditional stops the attestation from accidentally being applied twice.
 	// Sum the current powers of all validators who have voted and see if it passes the current threshold
@@ -71,9 +73,7 @@ func (k Keeper) TryAttestation(ctx sdk.Context, att *types.Attestation, claim ty
 		oracleAddr := sdk.MustAccAddressFromBech32(oracleStr)
 		oracle, found := k.GetOracle(ctx, oracleAddr)
 		if !found {
-			k.Logger(ctx).Error("TryAttestation", "not found oracle", oracleAddr.String(), "claimEventNonce",
-				claim.GetEventNonce(), "claimType", claim.GetType(), "claimHeight", claim.GetBlockHeight())
-			continue
+			return types.ErrNoFoundOracle
 		}
 		oraclePower := oracle.GetPower()
 		// Add it to the attestation power's sum
@@ -104,12 +104,17 @@ func (k Keeper) TryAttestation(ctx sdk.Context, att *types.Attestation, claim ty
 		ctx.EventManager().EmitEvent(event)
 
 		// execute the timeout logic
-		k.cleanupTimedOutBatches(ctx)
-		k.cleanupTimeOutBridgeCall(ctx)
+		if err = k.cleanupTimedOutBatches(ctx); err != nil {
+			return err
+		}
+		if err = k.cleanupTimeOutBridgeCall(ctx); err != nil {
+			return err
+		}
 
 		k.pruneAttestations(ctx)
 		break
 	}
+	return nil
 }
 
 // processAttestation actually applies the attestation to the consensus state
@@ -168,10 +173,7 @@ func (k Keeper) IterateAttestationAndClaim(ctx sdk.Context, cb func(*types.Attes
 	for ; iter.Valid(); iter.Next() {
 		att := new(types.Attestation)
 		k.cdc.MustUnmarshal(iter.Value(), att)
-		claim, err := types.UnpackAttestationClaim(k.cdc, att)
-		if err != nil {
-			panic("couldn't cast to claim")
-		}
+		claim := types.MustUnpackAttestationClaim(k.cdc, att)
-		claim := types.MustUnpackAttestationClaim(k.cdc, att)
+		claim, err := types.UnpackAttestationClaim(k.cdc, att)
+		if err != nil {
+			k.Logger(ctx).Error("Failed to unpack attestation claim", "error", err)
+			continue // Skip this attestation or handle the error appropriately
+		}
-		claim := types.MustUnpackAttestationClaim(k.cdc, att)
+		claim, err := types.UnpackAttestationClaim(k.cdc, att)
+		if err != nil {
+			k.Logger(ctx).Error("Failed to unpack attestation claim", "error", err)
+			continue // Skip this attestation or handle the error appropriately
+		}
 		// cb returns true to stop early
 		if cb(att, claim) {
 			return

diff --git a/x/crosschain/keeper/attestation_handler.go b/x/crosschain/keeper/attestation_handler.go
@@ -11,10 +11,10 @@ import (
 func (k Keeper) AttestationHandler(ctx sdk.Context, externalClaim types.ExternalClaim) error {
 	switch claim := externalClaim.(type) {
 	case *types.MsgSendToFxClaim, *types.MsgBridgeCallClaim, *types.MsgBridgeCallResultClaim:
-		k.SavePendingExecuteClaim(ctx, externalClaim)
+		return k.SavePendingExecuteClaim(ctx, externalClaim)
 
 	case *types.MsgSendToExternalClaim:
-		k.OutgoingTxBatchExecuted(ctx, claim.TokenContract, claim.BatchNonce)
+		return k.OutgoingTxBatchExecuted(ctx, claim.TokenContract, claim.BatchNonce)
 
 	case *types.MsgBridgeTokenClaim:
 		return k.AddBridgeTokenExecuted(ctx, claim)
@@ -25,13 +25,12 @@ func (k Keeper) AttestationHandler(ctx sdk.Context, externalClaim types.External
 	default:
 		return types.ErrInvalid.Wrapf("event type: %s", claim.GetType())
 	}
-	return nil
 }
 
 func (k Keeper) ExecuteClaim(ctx sdk.Context, eventNonce uint64) error {
-	externalClaim, found := k.GetPendingExecuteClaim(ctx, eventNonce)
-	if !found {
-		return sdkerrors.ErrInvalidRequest.Wrap("claim not found")
+	externalClaim, err := k.GetPendingExecuteClaim(ctx, eventNonce)
+	if err != nil {
+		return err
 	}
 	k.DeletePendingExecuteClaim(ctx, eventNonce)
 	switch claim := externalClaim.(type) {

diff --git a/x/crosschain/keeper/genesis.go b/x/crosschain/keeper/genesis.go
@@ -92,10 +92,7 @@ func InitGenesis(ctx sdk.Context, k Keeper, state *types.GenesisState) {
 	// reset attestations in state
 	for i := 0; i < len(state.Attestations); i++ {
 		att := state.Attestations[i]
-		claim, err := types.UnpackAttestationClaim(k.cdc, &att)
-		if err != nil {
-			panic("couldn't cast to claim")
-		}
+		claim := types.MustUnpackAttestationClaim(k.cdc, &att)
 
 		// 0x17
 		k.SetAttestation(ctx, claim.GetEventNonce(), claim.ClaimHash(), &att)
@@ -106,10 +103,7 @@ func InitGenesis(ctx sdk.Context, k Keeper, state *types.GenesisState) {
 	for i := 0; i < len(state.Attestations); i++ {
 
 		att := state.Attestations[i]
-		claim, err := types.UnpackAttestationClaim(k.cdc, &att)
-		if err != nil {
-			panic("couldn't cast to claim")
-		}
+		claim := types.MustUnpackAttestationClaim(k.cdc, &att)
 		// reconstruct the latest event nonce for every validator
 		// if somehow this genesis state is saved when all attestations
 		// have been cleaned up GetLastEventNonceByOracle handles that case

diff --git a/x/crosschain/keeper/oracle_set.go b/x/crosschain/keeper/oracle_set.go
@@ -27,7 +27,7 @@ func (k Keeper) UpdateOracleSetExecuted(ctx sdk.Context, claim *types.MsgOracleS
 		observedOracleSet.Height = trustedOracleSet.Height
 
 		if _, err := trustedOracleSet.Equal(observedOracleSet); err != nil {
-			panic(fmt.Sprintf("Potential bridge highjacking: observed oracleSet (%+v) does not match stored oracleSet (%+v)! %s", observedOracleSet, trustedOracleSet, err.Error()))
+			return err
 		}
 	}
 	k.SetLastObservedOracleSet(ctx, observedOracleSet)

diff --git a/x/crosschain/keeper/outgoing_tx.go b/x/crosschain/keeper/outgoing_tx.go
@@ -71,22 +71,25 @@ func (k Keeper) BuildOutgoingTxBatch(ctx sdk.Context, sender sdk.AccAddress, rec
 	return batch.BatchNonce, nil
 }
 
-func (k Keeper) OutgoingTxBatchExecuted(ctx sdk.Context, tokenContract string, batchNonce uint64) {
+func (k Keeper) OutgoingTxBatchExecuted(ctx sdk.Context, tokenContract string, batchNonce uint64) (err error) {
 	batch := k.GetOutgoingTxBatch(ctx, tokenContract, batchNonce)
 	if batch == nil {
-		panic(fmt.Sprintf("unknown batch nonce for outgoing tx batch %s %d", tokenContract, batchNonce))
+		return fmt.Errorf("unknown batch nonce for outgoing tx batch %s %d", tokenContract, batchNonce)
-		return fmt.Errorf("unknown batch nonce for outgoing tx batch %s %d", tokenContract, batchNonce)
+		return types.ErrInvalid.Wrapf("unknown batch nonce for outgoing tx batch %s %d", tokenContract, batchNonce)
-		return fmt.Errorf("unknown batch nonce for outgoing tx batch %s %d", tokenContract, batchNonce)
+		return types.ErrInvalid.Wrapf("unknown batch nonce for outgoing tx batch %s %d", tokenContract, batchNonce)
 	}
 
 	// Iterate through remaining batches
 	k.IterateOutgoingTxBatches(ctx, func(iterBatch *types.OutgoingTxBatch) bool {
 		// If the iterated batches nonce is lower than the one that was just executed, cancel it
 		if iterBatch.BatchNonce < batch.BatchNonce && iterBatch.TokenContract == tokenContract {
-			if err := k.RefundOutgoingTxBatch(ctx, tokenContract, iterBatch.BatchNonce); err != nil {
-				panic(fmt.Sprintf("Failed cancel out batch %s %d while trying to execute failed: %s", batch.TokenContract, batch.BatchNonce, err))
+			if err = k.RefundOutgoingTxBatch(ctx, tokenContract, iterBatch.BatchNonce); err != nil {
+				return true
 			}
 		}
 		return false
 	})
+	if err != nil {
+		return err
+	}
 
 	// Delete batch since it is finished
 	k.DeleteBatch(ctx, batch)
@@ -97,6 +100,7 @@ func (k Keeper) OutgoingTxBatchExecuted(ctx sdk.Context, tokenContract string, b
 			k.erc20Keeper.DeleteOutgoingTransferRelation(ctx, k.moduleName, tx.Id)
 		}
 	}
+	return nil
 }
 
 // --- OUTGOING TX BATCH --- //

diff --git a/x/crosschain/keeper/pending_execute_claim.go b/x/crosschain/keeper/pending_execute_claim.go
@@ -1,31 +1,34 @@
 package keeper
 
 import (
+	"fmt"
+
 	sdk "github.com/cosmos/cosmos-sdk/types"
 
 	"github.com/functionx/fx-core/v8/x/crosschain/types"
 )
 
-func (k Keeper) SavePendingExecuteClaim(ctx sdk.Context, claim types.ExternalClaim) {
+func (k Keeper) SavePendingExecuteClaim(ctx sdk.Context, claim types.ExternalClaim) error {
 	store := ctx.KVStore(k.storeKey)
 	bz, err := k.cdc.MarshalInterface(claim)
 	if err != nil {
-		panic(err)
+		return err
 	}
 	store.Set(types.GetPendingExecuteClaimKey(claim.GetEventNonce()), bz)
+	return err
 }
 
-func (k Keeper) GetPendingExecuteClaim(ctx sdk.Context, eventNonce uint64) (types.ExternalClaim, bool) {
+func (k Keeper) GetPendingExecuteClaim(ctx sdk.Context, eventNonce uint64) (types.ExternalClaim, error) {
 	store := ctx.KVStore(k.storeKey)
 	bz := store.Get(types.GetPendingExecuteClaimKey(eventNonce))
 	if len(bz) == 0 {
-		return nil, false
+		return nil, fmt.Errorf("claim %d not found", eventNonce)
 	}
 	var claim types.ExternalClaim
 	if err := k.cdc.UnmarshalInterface(bz, &claim); err != nil {
-		panic(err)
+		return nil, err
 	}
-	return claim, true
+	return claim, nil
 }
 
 func (k Keeper) DeletePendingExecuteClaim(ctx sdk.Context, eventNonce uint64) {

diff --git a/x/crosschain/keeper/pending_execute_claim_test.go b/x/crosschain/keeper/pending_execute_claim_test.go
@@ -47,10 +47,11 @@ func (s *KeeperMockSuite) TestKeeper_SavePendingExecuteClaim() {
 	}
 	for _, tt := range tests {
 		s.Run(tt.name, func() {
-			s.crosschainKeeper.SavePendingExecuteClaim(s.ctx, tt.claim)
+			err := s.crosschainKeeper.SavePendingExecuteClaim(s.ctx, tt.claim)
+			s.Require().NoError(err)
 
-			claim, found := s.crosschainKeeper.GetPendingExecuteClaim(s.ctx, tt.claim.GetEventNonce())
-			s.Require().Equal(true, found)
+			claim, err := s.crosschainKeeper.GetPendingExecuteClaim(s.ctx, tt.claim.GetEventNonce())
+			s.Require().NoError(err)
 			s.Require().Equal(claim, tt.claim)
 		})
 	}

diff --git a/x/crosschain/types/msgs.go b/x/crosschain/types/msgs.go
@@ -280,10 +280,12 @@ var (
 	_ ExternalClaim = &MsgBridgeCallResultClaim{}
 )
 
-func UnpackAttestationClaim(cdc codectypes.AnyUnpacker, att *Attestation) (ExternalClaim, error) {
+func MustUnpackAttestationClaim(cdc codectypes.AnyUnpacker, att *Attestation) ExternalClaim {
 	var msg ExternalClaim
-	err := cdc.UnpackAny(att.Claim, &msg)
-	return msg, err
+	if err := cdc.UnpackAny(att.Claim, &msg); err != nil {
+		panic(err)
+	}
+	return msg
 }
 
 func (m *MsgClaim) ValidateBasic() (err error) {