-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Attacker validator can issue steak at AnteHandler #2772
Comments
You mean sending in invalid signature and checkTx ignores validating signatures? |
yes @alexanderbez |
it remains in unconfirmed txs in mempool and once the attacker propose, it get broadcasted @alexanderbez |
Indeed! Good catch @kauchy! |
gaia-9001 can not delegate now,because unbond pool is nearly negative😱 |
Excellent catch. Thanks @kauchy. This is the most directly profitable exploit, but I think the underlying problem is more general - a proposer can cause partial state changes to be written from the ante handler even when the ante handler fails. Maybe we need to revert state changes when running the ante handler in |
I confirm, we can't delegate anymore. Seems to affect all validators? |
This sounds like a separate bug. What's the error? |
Same as what aurel posted:
|
Same our end too:
|
Thanks @kauchy!! good job sir! |
the issue steak do not add by lossen pool,but can delegate,this made lossen nearly 0,so no one can delegate now @cwgoes |
@gamarin2 OK - that's presumably happening since tokens were minted without being deducted but the pool tracking total supply wasn't updated (since the tokens never should have been minted). |
awesome, thanks for discovering and sharing. |
thanks for sharing before GoS begins! |
Thanks for sharing. @kauchy And we want to give you 300Atom after mainnet launching. Great work ! |
Amazing! Right before GoS 👏 |
Also add 200 Atoms from me ! |
Summary of Bug
In AnteHandler, FeeCollectionKeeper adds collected fees before saving signerAccs[0].
Attacker validator can send txs with fee and signerAccs[0] holding a false pubkey, ignoring the sig check error in CheckTx. Such txs will pass to DeliverTx, the FeeCollectionKeeper will collect fees, but these fees won't be charged from attacker's account due to sig check failure.
At gaia-9001 block 31998, we use this bug issue 150000 steaks.
@rigelrozanski
For Admin Use
The text was updated successfully, but these errors were encountered: