Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Problem: sender check for MsgStoreBlockList is not in CheckTx (backport #1613) #1626

Merged
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,11 @@
# Changelog

## UNRELEASED

### Improvements

* [#1613](https://github.com/crypto-org-chain/cronos/pull/1613) Check admin sender for MsgStoreBlockList in check tx.

*Sep 24, 2024*

## v1.3.2
Expand Down
2 changes: 1 addition & 1 deletion app/app.go
Original file line number Diff line number Diff line change
Expand Up @@ -1021,7 +1021,7 @@ func (app *App) setAnteHandler(txConfig client.TxConfig, maxGasWanted uint64, bl

blockedMap[string(addr)] = struct{}{}
}
blockAddressDecorator := NewBlockAddressesDecorator(blockedMap)
blockAddressDecorator := NewBlockAddressesDecorator(blockedMap, app.CronosKeeper.GetParams)

options := evmante.HandlerOptions{
AccountKeeper: app.AccountKeeper,
Expand Down
18 changes: 17 additions & 1 deletion app/block_address.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,17 +3,25 @@
import (
"fmt"

"cosmossdk.io/errors"
sdk "github.com/cosmos/cosmos-sdk/types"
sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
"github.com/crypto-org-chain/cronos/v2/x/cronos/types"
)

// BlockAddressesDecorator block addresses from sending transactions
type BlockAddressesDecorator struct {
blockedMap map[string]struct{}
getParams func(ctx sdk.Context) types.Params
}

func NewBlockAddressesDecorator(blacklist map[string]struct{}) BlockAddressesDecorator {
func NewBlockAddressesDecorator(
blacklist map[string]struct{},
getParams func(ctx sdk.Context) types.Params,
) BlockAddressesDecorator {
return BlockAddressesDecorator{
blockedMap: blacklist,
getParams: getParams,
}
}

Expand All @@ -26,6 +34,14 @@
}
}
}
admin := bad.getParams(ctx).CronosAdmin
for _, msg := range tx.GetMsgs() {
if blocklistMsg, ok := msg.(*types.MsgStoreBlockList); ok {
if admin != blocklistMsg.From {
return ctx, errors.Wrap(sdkerrors.ErrUnauthorized, "msg sender is not authorized")

Check warning on line 41 in app/block_address.go

View check run for this annotation

Codecov / codecov/patch

app/block_address.go#L37-L41

Added lines #L37 - L41 were not covered by tests
}
}
}
}
return next(ctx, tx, simulate)
}
3 changes: 2 additions & 1 deletion x/cronos/types/messages.go
Original file line number Diff line number Diff line change
Expand Up @@ -347,7 +347,8 @@ func (msg *MsgStoreBlockList) ValidateBasic() error {
if err != nil {
return errors.Wrapf(sdkerrors.ErrInvalidAddress, "invalid sender address (%s)", err)
}

// skip heavy operation in Decrypt by early return with errDummyIdentity in
// https://github.com/FiloSottile/age/blob/v1.1.1/age.go#L197
_, err = age.Decrypt(bytes.NewBuffer(msg.Blob), new(dummyIdentity))
if err != nil && err != errDummyIdentity {
return err
Expand Down
73 changes: 71 additions & 2 deletions x/cronos/types/messages_test.go
Original file line number Diff line number Diff line change
@@ -1,16 +1,20 @@
package types_test

import (
"bytes"
"fmt"
"log"
"testing"

"github.com/crypto-org-chain/cronos/v2/app"
"filippo.io/age"
sdk "github.com/cosmos/cosmos-sdk/types"
cmdcfg "github.com/crypto-org-chain/cronos/v2/cmd/cronosd/config"
"github.com/crypto-org-chain/cronos/v2/x/cronos/types"
"github.com/stretchr/testify/require"
)

func TestValidateMsgUpdateTokenMapping(t *testing.T) {
app.SetConfig()
cmdcfg.SetBech32Prefixes(sdk.GetConfig())

testCases := []struct {
name string
Expand Down Expand Up @@ -54,3 +58,68 @@ func TestValidateMsgUpdateTokenMapping(t *testing.T) {
})
}
}

func TestValidateMsgStoreBlockList(t *testing.T) {
cmdcfg.SetBech32Prefixes(sdk.GetConfig())

publicKey := "age1cy0su9fwf3gf9mw868g5yut09p6nytfmmnktexz2ya5uqg9vl9sss4euqm"
recipient, err := age.ParseX25519Recipient(publicKey)
if err != nil {
log.Fatalf("Failed to parse public key %q: %v", publicKey, err)
}

from := "crc12luku6uxehhak02py4rcz65zu0swh7wjsrw0pp"
blob := []byte("valid blob data")
testCases := []struct {
name string
msg *types.MsgStoreBlockList
noEncrypt bool
expectError bool
errorMsg string
}{
{
"valid message",
types.NewMsgStoreBlockList(from, blob),
false,
false,
"",
},
{
"invalid sender address",
types.NewMsgStoreBlockList("invalid", blob),
false,
true,
"invalid sender address",
},
{
"decryption error",
types.NewMsgStoreBlockList(from, blob),
true,
true,
"failed to read header",
},
}

for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
if !tc.noEncrypt {
out := new(bytes.Buffer)
w, err := age.Encrypt(out, recipient)
require.NoError(t, err)
_, err = w.Write(tc.msg.Blob)
require.NoError(t, err)
err = w.Close()
require.NoError(t, err)
tc.msg.Blob = out.Bytes()
}

err = tc.msg.ValidateBasic()
if tc.expectError {
require.Error(t, err)
require.Contains(t, err.Error(), tc.errorMsg)
} else {
require.NoError(t, err)
}
})
}
}
Loading