-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authorization logic of staking module: denyList never used? #11391
Comments
Seems like the implementation is incorrect and there is not a test case to catch it. If deny list is provided, it should be possible to use any validator not on the deny list. This is a bug |
Great, thanks for following up so quickly. I noticed that the issue was mentioned in the context of discussion on whether or not to use a testing framework: in this context, it is worth saying that I discovered this bug using the model-based testing approach on the code, getting failed tests and investigating the code upon that. |
## Description Closes: #11391 --- ### Author Checklist *All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues.* I have... - [ ] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] added `!` to the type prefix if API or client breaking change - [ ] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#pr-targeting)) - [ ] provided a link to the relevant issue or specification - [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules) - [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#testing) - [ ] added a changelog entry to `CHANGELOG.md` - [ ] included comments for [documenting Go code](https://blog.golang.org/godoc) - [ ] updated the relevant documentation or specification - [ ] reviewed "Files changed" and left comments if necessary - [ ] confirmed all CI checks have passed ### Reviewers Checklist *All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items.* I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed state machine logic - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable)
Adding a bit more details and links on the model that revealed the bug since it was interesting to a couple of people looking into model-based testing, and to remain here as a reference.
Looking back to the process, I draw two conclusions:
|
Summary of Bug
When going through the authorization logic of the staking module (
staking/types/authz.go
, functionAccept
), I was confused by the parametersallowed
anddenied
of the functionNewStakeAuthorization
.Quoting from the documentation:
However, it seems that it is never possible to have a non-empty
DenyList
with a successful authorization.allowList
anddenyList
may be given, not both (this follows from the functionvalidateAndBech32fy
)allowList
and not in thedenyList
(this follows from the functionAccept
ofauthz.go
: the boolean valueisValidatorExists
has to be set totrue
, or otherwise an error is raised)Thus, if the authorization is to ever be successfully used,
denyList
must always be empty.Is this intended behavior? If so, why not removing
denyList
?Version
e0f812d
For Admin Use
The text was updated successfully, but these errors were encountered: