Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: prevent signing from wrong key in multisig (backport #1319) #1324

Merged
merged 3 commits into from
Mar 29, 2024

Conversation

mergify[bot]
Copy link
Contributor

@mergify mergify bot commented Mar 28, 2024

Description

closes: #XXXX

When signing an multisig tx, you are required to provide the multisig address (--multisig) and the key you are signing with (--from), but there's no check that the key is actually part of the multisig. This makes it very easy to accidentally sign with the wrong key and only figure it out when you try to broadcast the invalid tx that includes a signature from a key thats not in the multisig.

Motivation and context

How has this been tested?

Screenshots (if appropriate):

Checklist:

  • I followed the contributing guidelines and code of conduct.
  • I have added a relevant changelog to CHANGELOG.md
  • I have added tests to cover my changes.
  • I have updated the documentation accordingly.
  • I have updated API documentation client/docs/swagger-ui/swagger.yaml

This is an automatic backport of pull request #1319 done by [Mergify](https://mergify.com).

* Add multisig check

* Update CHANGELOG

* Update CHANGELOG.md

(cherry picked from commit c051dcc)

# Conflicts:
#	CHANGELOG.md
Copy link
Contributor Author

mergify bot commented Mar 28, 2024

Cherry-pick of c051dcc has failed:

On branch mergify/bp/release/v0.48.x/pr-1319
Your branch is up to date with 'origin/release/v0.48.x'.

You are currently cherry-picking commit c051dcc91.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   x/auth/client/cli/tx_multisign.go
	modified:   x/auth/client/cli/tx_sign.go
	modified:   x/auth/client/testutil/suite.go

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   CHANGELOG.md

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

Copy link

codecov bot commented Mar 28, 2024

Codecov Report

Attention: Patch coverage is 34.04255% with 31 lines in your changes are missing coverage. Please review.

Project coverage is 69.76%. Comparing base (1f8e902) to head (6e8c3a6).
Report is 10 commits behind head on release/v0.48.x.

Additional details and impacted files

Impacted file tree graph

@@                 Coverage Diff                 @@
##           release/v0.48.x    #1324      +/-   ##
===================================================
- Coverage            69.78%   69.76%   -0.02%     
===================================================
  Files                  646      646              
  Lines                67507    67573      +66     
===================================================
+ Hits                 47109    47142      +33     
- Misses               18212    18242      +30     
- Partials              2186     2189       +3     
Files Coverage Δ
x/auth/client/testutil/suite.go 96.94% <100.00%> (+0.03%) ⬆️
x/auth/client/cli/tx_multisign.go 0.00% <0.00%> (ø)
x/auth/client/cli/tx_sign.go 0.00% <0.00%> (ø)

... and 3 files with indirect coverage changes

@0Tech 0Tech self-assigned this Mar 29, 2024
@0Tech 0Tech added A: bug Something isn't working C:x/auth and removed conflicts labels Mar 29, 2024
CHANGELOG.md Outdated Show resolved Hide resolved
@0Tech 0Tech merged commit 69a3ec7 into release/v0.48.x Mar 29, 2024
28 of 29 checks passed
@0Tech 0Tech deleted the mergify/bp/release/v0.48.x/pr-1319 branch March 29, 2024 05:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A: bug Something isn't working C:x/auth
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants