diff --git a/CHANGELOG.md b/CHANGELOG.md index 80432ed3ac..e29ab978fb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -45,6 +45,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ ### Bug Fixes * (x/auth) [#1281](https://github.com/Finschia/finschia-sdk/pull/1281) `ModuleAccount.Validate` now reports a nil `.BaseAccount` instead of panicking. (backport #1274) * (x/foundation) [\#1283](https://github.com/Finschia/finschia-sdk/pull/1283) add init logic of foundation module accounts to InitGenesis in order to eliminate potential panic (backport #1277) +* (x/collection) [\#1282](https://github.com/Finschia/finschia-sdk/pull/1282) eliminates potential risk for Insufficient Sanity Check of tokenID in Genesis (backport #1276) ### Removed diff --git a/x/collection/genesis.go b/x/collection/genesis.go index 2fb632a125..7a80d0a2cd 100644 --- a/x/collection/genesis.go +++ b/x/collection/genesis.go @@ -65,8 +65,11 @@ func ValidateGenesis(data GenesisState) error { if len(contractNextTokenIDs.TokenIds) == 0 { return sdkerrors.ErrInvalidRequest.Wrap("next token ids cannot be empty") } - for _, nextTokenIDs := range contractNextTokenIDs.TokenIds { - if err := ValidateClassID(nextTokenIDs.ClassId); err != nil { + for _, nextTokenID := range contractNextTokenIDs.TokenIds { + if nextTokenID.Id.IsZero() { + return sdkerrors.ErrInvalidRequest.Wrap("nextTokenID.Id is not supposed to be zero") + } + if err := ValidateClassID(nextTokenID.ClassId); err != nil { return err } } diff --git a/x/collection/genesis_test.go b/x/collection/genesis_test.go index d4c7d0a7c1..4fcc543541 100644 --- a/x/collection/genesis_test.go +++ b/x/collection/genesis_test.go @@ -445,6 +445,17 @@ func TestValidateGenesis(t *testing.T) { }, false, }, + "should throw error when next token id is zero in genesis": { + &collection.GenesisState{ + Params: collection.Params{}, + NextTokenIds: []collection.ContractNextTokenIDs{ + {ContractId: "deadbeef", TokenIds: []collection.NextTokenID{ + {ClassId: "deadbeef", Id: sdk.NewUint(0)}, + }}, + }, + }, + false, + }, } for name, tc := range testCases {