From c5fbc749abf65ac8906c735f48031c2334acdeb4 Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Fri, 29 Mar 2024 02:34:55 +0000 Subject: [PATCH] fix: possible overflow in BuildUnsignedTx (backport #1303) (#1307) * fix: possible overflow in BuildUnsignedTx (#1303) * fix: possible overflow * chore: update changelog * chore: add comment (cherry picked from commit b1c09cf6c82b9db4600176512ecf5e1b14679385) # Conflicts: # CHANGELOG.md * Update CHANGELOG.md --------- Co-authored-by: jaeseung-bae <119839167+jaeseung-bae@users.noreply.github.com> Co-authored-by: Youngtaek Yoon --- CHANGELOG.md | 1 + client/tx/factory.go | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 77f7aef24b..63e69f702e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -49,6 +49,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ * (x/collection) [\#1290](https://github.com/Finschia/finschia-sdk/pull/1290) export x/collection params into genesis (backport #1268) * (x/foundation) [\#1295](https://github.com/Finschia/finschia-sdk/pull/1295) add missing error handling for migration * (sec) [\#1302](https://github.com/Finschia/finschia-sdk/pull/1302) remove map iteration non-determinism with keys + sorting +* (client) [\#1303](https://github.com/Finschia/finschia-sdk/pull/1303) fix possible overflow in BuildUnsignedTx ### Removed diff --git a/client/tx/factory.go b/client/tx/factory.go index 709782d68a..ae773f4438 100644 --- a/client/tx/factory.go +++ b/client/tx/factory.go @@ -3,6 +3,7 @@ package tx import ( "errors" "fmt" + "math/big" "os" "github.com/spf13/pflag" @@ -212,7 +213,9 @@ func (f Factory) BuildUnsignedTx(msgs ...sdk.Msg) (client.TxBuilder, error) { return nil, errors.New("cannot provide both fees and gas prices") } - glDec := sdk.NewDec(int64(f.gas)) + // f.gas is a uint64 and we should convert to LegacyDec + // without the risk of under/overflow via uint64->int64. + glDec := sdk.NewDecFromBigInt(new(big.Int).SetUint64(f.gas)) // Derive the fees based on the provided gas prices, where // fee = ceil(gasPrice * gasLimit).