From 10605c5dd65fa5e79956a4db7f42574c7972af48 Mon Sep 17 00:00:00 2001 From: 170210 <85928898+170210@users.noreply.github.com> Date: Tue, 26 Mar 2024 20:05:37 +0900 Subject: [PATCH 1/2] fix: add missing nil checks (#1299) * fix: types: ensure .Amount is non-nil in Coin.Validate() (#15691) This change fixes a scenario in which Coin.Validate() would panic when given a nil Amount. While here, added a fuzz test along with unit/regression tests. Fixes #15690 * fix: change math.NewInt to sdk.NewInt Signed-off-by: 170210 * fix: change to finschia-sdk Signed-off-by: 170210 * fix: prevent nil DecCoin creation when converting Coins to DecCoins (#12903) Closes: #12902 --- *All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues.* I have... - [ ] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] added `!` to the type prefix if API or client breaking change - [ ] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#pr-targeting)) - [ ] provided a link to the relevant issue or specification - [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/main/docs/building-modules) - [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#testing) - [ ] added a changelog entry to `CHANGELOG.md` - [ ] included comments for [documenting Go code](https://blog.golang.org/godoc) - [ ] updated the relevant documentation or specification - [ ] reviewed "Files changed" and left comments if necessary - [ ] confirmed all CI checks have passed *All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items.* I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed state machine logic - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable) * chore: update CHANGELOG.md Signed-off-by: 170210 * fix: fix lint Signed-off-by: 170210 --------- Signed-off-by: 170210 Co-authored-by: Emmanuel T Odeke Co-authored-by: yys (cherry picked from commit a7a39e57060621afb0c346240d204d3cf0687fdc) # Conflicts: # CHANGELOG.md --- CHANGELOG.md | 14 ++++++++++++++ types/coin.go | 5 +++++ types/coin_test.go | 33 +++++++++++++++++++++++++++++++++ types/dec_coin.go | 10 +++++++--- types/dec_coin_test.go | 23 +++++++++++++++++++++++ types/fuzz_test.go | 24 ++++++++++++++++++++++++ 6 files changed, 106 insertions(+), 3 deletions(-) create mode 100644 types/fuzz_test.go diff --git a/CHANGELOG.md b/CHANGELOG.md index eb197ca3e7..8e03e88dc1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -43,11 +43,25 @@ Ref: https://keepachangelog.com/en/1.0.0/ ### Improvements ### Bug Fixes +<<<<<<< HEAD * (x/auth) [#1281](https://github.com/Finschia/finschia-sdk/pull/1281) `ModuleAccount.Validate` now reports a nil `.BaseAccount` instead of panicking. (backport #1274) * (x/foundation) [\#1283](https://github.com/Finschia/finschia-sdk/pull/1283) add init logic of foundation module accounts to InitGenesis in order to eliminate potential panic (backport #1277) * (x/collection) [\#1282](https://github.com/Finschia/finschia-sdk/pull/1282) eliminates potential risk for Insufficient Sanity Check of tokenID in Genesis (backport #1276) * (x/collection) [\#1290](https://github.com/Finschia/finschia-sdk/pull/1290) export x/collection params into genesis (backport #1268) * (x/foundation) [\#1295](https://github.com/Finschia/finschia-sdk/pull/1295) add missing error handling for migration +======= +* chore(deps) [\#1141](https://github.com/Finschia/finschia-sdk/pull/1141) Bump github.com/cosmos/ledger-cosmos-go from 0.12.2 to 0.13.2 to fix ledger signing issue +* (x/auth, x/slashing) [\#1179](https://github.com/Finschia/finschia-sdk/pull/1179) modify missing changes of converting to tendermint +* (x/auth) [#1274](https://github.com/Finschia/finschia-sdk/pull/1274) `ModuleAccount.Validate` now reports a nil `.BaseAccount` instead of panicking. +* (x/collection) [\#1276](https://github.com/Finschia/finschia-sdk/pull/1276) eliminates potential risk for Insufficient Sanity Check of tokenID in Genesis +* (x/foundation) [\#1277](https://github.com/Finschia/finschia-sdk/pull/1277) add init logic of foundation module accounts to InitGenesis in order to eliminate potential panic +* (x/collection, x/token) [\#1288](https://github.com/Finschia/finschia-sdk/pull/1288) use accAddress to compare in validatebasic function in collection & token modules +* (x/collection) [\#1268](https://github.com/Finschia/finschia-sdk/pull/1268) export x/collection params into genesis +* (x/collection) [\#1294](https://github.com/Finschia/finschia-sdk/pull/1294) reject NFT coins on FT APIs +* (sec) [\#1302](https://github.com/Finschia/finschia-sdk/pull/1302) remove map iteration non-determinism with keys + sorting +* (client) [\#1303](https://github.com/Finschia/finschia-sdk/pull/1303) fix possible overflow in BuildUnsignedTx +* (types) [\#1299](https://github.com/Finschia/finschia-sdk/pull/1299) add missing nil checks +>>>>>>> a7a39e570 (fix: add missing nil checks (#1299)) ### Removed diff --git a/types/coin.go b/types/coin.go index 01358f414b..85d4c405da 100644 --- a/types/coin.go +++ b/types/coin.go @@ -2,6 +2,7 @@ package types import ( "encoding/json" + "errors" "fmt" "regexp" "sort" @@ -44,6 +45,10 @@ func (coin Coin) Validate() error { return err } + if coin.Amount.IsNil() { + return errors.New("amount is nil") + } + if coin.Amount.IsNegative() { return fmt.Errorf("negative coin amount: %v", coin.Amount) } diff --git a/types/coin_test.go b/types/coin_test.go index 8f48e89fec..bb5eee2cc6 100644 --- a/types/coin_test.go +++ b/types/coin_test.go @@ -1034,6 +1034,39 @@ func (s *coinTestSuite) TestMarshalJSONCoins() { } } +func (s *coinTestSuite) TestCoinValidate() { + testCases := []struct { + name string + coin sdk.Coin + wantErr string + }{ + {"nil coin: nil Amount", sdk.Coin{}, "invalid denom"}, + {"non-blank coin, nil Amount", sdk.Coin{Denom: "atom"}, "amount is nil"}, + {"valid coin", sdk.Coin{Denom: "atom", Amount: sdk.NewInt(100)}, ""}, + {"negative coin", sdk.Coin{Denom: "atom", Amount: sdk.NewInt(-999)}, "negative coin amount"}, + } + + for _, tc := range testCases { + tc := tc + t := s.T() + t.Run(tc.name, func(t *testing.T) { + err := tc.coin.Validate() + if tc.wantErr == "" { + if err != nil { + t.Errorf("Unexpected error: %v", err) + } + return + } else { + if err == nil { + t.Error("Expected an error") + } else if !strings.Contains(err.Error(), tc.wantErr) { + t.Errorf("Error mismatch\n\tGot: %q\nWant: %q", err, tc.wantErr) + } + } + }) + } +} + func (s *coinTestSuite) TestCoinAminoEncoding() { cdc := codec.NewLegacyAmino() c := sdk.NewInt64Coin(testDenom1, 5) diff --git a/types/dec_coin.go b/types/dec_coin.go index 68fe3b9f95..10856d0fe2 100644 --- a/types/dec_coin.go +++ b/types/dec_coin.go @@ -182,10 +182,14 @@ func sanitizeDecCoins(decCoins []DecCoin) DecCoins { // NewDecCoinsFromCoins constructs a new coin set with decimal values // from regular Coins. func NewDecCoinsFromCoins(coins ...Coin) DecCoins { - decCoins := make(DecCoins, len(coins)) + if len(coins) == 0 { + return DecCoins{} + } + + decCoins := make([]DecCoin, 0, len(coins)) newCoins := NewCoins(coins...) - for i, coin := range newCoins { - decCoins[i] = NewDecCoinFromCoin(coin) + for _, coin := range newCoins { + decCoins = append(decCoins, NewDecCoinFromCoin(coin)) } return decCoins diff --git a/types/dec_coin_test.go b/types/dec_coin_test.go index 9017bda27c..e2c3ba9028 100644 --- a/types/dec_coin_test.go +++ b/types/dec_coin_test.go @@ -546,6 +546,29 @@ func (s *decCoinTestSuite) TestNewDecCoinsWithIsValid() { } } +func (s *decCoinTestSuite) TestNewDecCoinsWithZeroCoins() { + zeroCoins := append(sdk.NewCoins(sdk.NewCoin("mytoken", sdk.NewInt(0))), sdk.Coin{Denom: "wbtc", Amount: sdk.NewInt(10)}) + + tests := []struct { + coins sdk.Coins + expectLength int + }{ + { + sdk.NewCoins(sdk.NewCoin("mytoken", sdk.NewInt(10)), sdk.NewCoin("wbtc", sdk.NewInt(10))), + 2, + }, + { + zeroCoins, + 1, + }, + } + + for _, tc := range tests { + tc := tc + s.Require().Equal(sdk.NewDecCoinsFromCoins(tc.coins...).Len(), tc.expectLength) + } +} + func (s *decCoinTestSuite) TestDecCoins_AddDecCoinWithIsValid() { lengthTestDecCoins := sdk.NewDecCoins().Add(sdk.NewDecCoin("mytoken", sdk.NewInt(10))).Add(sdk.DecCoin{Denom: "BTC", Amount: sdk.NewDec(10)}) s.Require().Equal(2, len(lengthTestDecCoins), "should be 2") diff --git a/types/fuzz_test.go b/types/fuzz_test.go new file mode 100644 index 0000000000..99b80be29a --- /dev/null +++ b/types/fuzz_test.go @@ -0,0 +1,24 @@ +package types + +import ( + "testing" + + "github.com/Finschia/finschia-sdk/codec" +) + +func FuzzCoinUnmarshalJSON(f *testing.F) { + if testing.Short() { + f.Skip() + } + + cdc := codec.NewLegacyAmino() + f.Add(`{"denom":"atom","amount":"1000"}`) + f.Add(`{"denom":"atom","amount":"-1000"}`) + f.Add(`{"denom":"uatom","amount":"1000111111111111111111111"}`) + f.Add(`{"denom":"mu","amount":"0"}`) + + f.Fuzz(func(t *testing.T, jsonBlob string) { + var c Coin + _ = cdc.UnmarshalJSON([]byte(jsonBlob), &c) + }) +} From 541bbbf0a3b0316b560a643a7eebcd3d755c9374 Mon Sep 17 00:00:00 2001 From: Youngtaek Yoon Date: Fri, 29 Mar 2024 02:24:48 +0000 Subject: [PATCH 2/2] Update CHANGELOG.md --- CHANGELOG.md | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8e03e88dc1..cf37a34d39 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -49,19 +49,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ * (x/collection) [\#1282](https://github.com/Finschia/finschia-sdk/pull/1282) eliminates potential risk for Insufficient Sanity Check of tokenID in Genesis (backport #1276) * (x/collection) [\#1290](https://github.com/Finschia/finschia-sdk/pull/1290) export x/collection params into genesis (backport #1268) * (x/foundation) [\#1295](https://github.com/Finschia/finschia-sdk/pull/1295) add missing error handling for migration -======= -* chore(deps) [\#1141](https://github.com/Finschia/finschia-sdk/pull/1141) Bump github.com/cosmos/ledger-cosmos-go from 0.12.2 to 0.13.2 to fix ledger signing issue -* (x/auth, x/slashing) [\#1179](https://github.com/Finschia/finschia-sdk/pull/1179) modify missing changes of converting to tendermint -* (x/auth) [#1274](https://github.com/Finschia/finschia-sdk/pull/1274) `ModuleAccount.Validate` now reports a nil `.BaseAccount` instead of panicking. -* (x/collection) [\#1276](https://github.com/Finschia/finschia-sdk/pull/1276) eliminates potential risk for Insufficient Sanity Check of tokenID in Genesis -* (x/foundation) [\#1277](https://github.com/Finschia/finschia-sdk/pull/1277) add init logic of foundation module accounts to InitGenesis in order to eliminate potential panic -* (x/collection, x/token) [\#1288](https://github.com/Finschia/finschia-sdk/pull/1288) use accAddress to compare in validatebasic function in collection & token modules -* (x/collection) [\#1268](https://github.com/Finschia/finschia-sdk/pull/1268) export x/collection params into genesis -* (x/collection) [\#1294](https://github.com/Finschia/finschia-sdk/pull/1294) reject NFT coins on FT APIs -* (sec) [\#1302](https://github.com/Finschia/finschia-sdk/pull/1302) remove map iteration non-determinism with keys + sorting -* (client) [\#1303](https://github.com/Finschia/finschia-sdk/pull/1303) fix possible overflow in BuildUnsignedTx * (types) [\#1299](https://github.com/Finschia/finschia-sdk/pull/1299) add missing nil checks ->>>>>>> a7a39e570 (fix: add missing nil checks (#1299)) ### Removed