-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BaseApp Security Improvements #3801
Conversation
Codecov Report
@@ Coverage Diff @@
## develop #3801 +/- ##
==========================================
Coverage ? 60.94%
==========================================
Files ? 192
Lines ? 14323
Branches ? 0
==========================================
Hits ? 8729
Misses ? 5025
Partials ? 569 |
@jackzampolin @cwgoes I think we should get this in for the 0.33 release. Thoughts? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few questions.
baseapp/baseapp.go
Outdated
@@ -510,6 +513,19 @@ func handleQueryCustom(app *BaseApp, path []string, req abci.RequestQuery) (res | |||
} | |||
} | |||
|
|||
func (app *BaseApp) validateHeight(req abci.RequestBeginBlock) error { | |||
if req.Header.Height < 0 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think Tendermint starts at height 1 now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
True, but can the same be said for other consensus engines?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not necessarily, but I think we should panic otherwise, because elsewhere in the SDK we assume that the first block height is 1.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fair point -- updated.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can a comment be made somewhere or we amend ABCI to stipulate that the first block is at height 1?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ValarDragon yes, I'll follow up on this.
@cwgoes addressed your comments |
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good check!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK - thanks @alexanderbez
A series of small BaseApp security improvements spawned by a lovely review by @ValarDragon.
closes: #3791
closes: #3790
Targeted PR against correct branch (see CONTRIBUTING.md)
Linked to github-issue with discussion and accepted design OR link to spec that describes this work.
Wrote tests
Updated relevant documentation (
docs/
)Added entries in
PENDING.md
with issue #rereviewed
Files changed
in the github PR explorerFor Admin Use: