Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: prevent signing from wrong key in multisig #1319

Merged
merged 5 commits into from
Mar 28, 2024

Conversation

ulbqb
Copy link
Member

@ulbqb ulbqb commented Mar 27, 2024

Description

closes: #XXXX

When signing an multisig tx, you are required to provide the multisig address (--multisig) and the key you are signing with (--from), but there's no check that the key is actually part of the multisig. This makes it very easy to accidentally sign with the wrong key and only figure it out when you try to broadcast the invalid tx that includes a signature from a key thats not in the multisig.

Motivation and context

How has this been tested?

Screenshots (if appropriate):

Checklist:

  • I followed the contributing guidelines and code of conduct.
  • I have added a relevant changelog to CHANGELOG.md
  • I have added tests to cover my changes.
  • I have updated the documentation accordingly.
  • I have updated API documentation client/docs/swagger-ui/swagger.yaml

@ulbqb ulbqb self-assigned this Mar 27, 2024
@ulbqb ulbqb added A: bug Something isn't working C:x/auth backport/v0.48.x labels Mar 27, 2024
@ulbqb ulbqb changed the title fix: Prevent signing from wrong key in multisig fix: prevent signing from wrong key in multisig Mar 27, 2024
Copy link

codecov bot commented Mar 27, 2024

Codecov Report

Attention: Patch coverage is 28.12500% with 23 lines in your changes are missing coverage. Please review.

Project coverage is 70.39%. Comparing base (e62a330) to head (f53aba1).

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #1319      +/-   ##
==========================================
- Coverage   70.41%   70.39%   -0.03%     
==========================================
  Files         643      643              
  Lines       54752    54779      +27     
==========================================
+ Hits        38556    38564       +8     
- Misses      14021    14040      +19     
  Partials     2175     2175              
Files Coverage Δ
x/auth/client/testutil/suite.go 96.54% <100.00%> (+0.02%) ⬆️
x/auth/client/cli/tx_multisign.go 0.00% <0.00%> (ø)
x/auth/client/cli/tx_sign.go 0.00% <0.00%> (ø)

@ulbqb ulbqb marked this pull request as ready for review March 27, 2024 12:51
@ulbqb ulbqb requested a review from 170210 March 27, 2024 13:00
@ulbqb ulbqb merged commit c051dcc into Finschia:main Mar 28, 2024
37 of 38 checks passed
@ulbqb ulbqb deleted the fix/multisig branch March 28, 2024 01:40
mergify bot pushed a commit that referenced this pull request Mar 28, 2024
* Add multisig check

* Update CHANGELOG

* Update CHANGELOG.md

(cherry picked from commit c051dcc)

# Conflicts:
#	CHANGELOG.md
0Tech added a commit that referenced this pull request Mar 29, 2024
* fix: prevent signing from wrong key in multisig (#1319)

* Add multisig check

* Update CHANGELOG

* Update CHANGELOG.md

(cherry picked from commit c051dcc)

# Conflicts:
#	CHANGELOG.md

* Update CHANGELOG.md

---------

Co-authored-by: Shogo Hyodo <[email protected]>
Co-authored-by: Youngtaek Yoon <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants