Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Blackberry Security Fix #135

Merged
merged 28 commits into from
Aug 21, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/CODEOWNERS
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,4 @@

# Primary repo maintainers

* @davidterpay @nivasan1 @aljo242 @Eric-Warehime
* @aljo242 @Eric-Warehime @technicallyty @wesl-ee
37 changes: 18 additions & 19 deletions go.mod
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
module github.com/skip-mev/feemarket

go 1.22.3
go 1.22.6

require (
cosmossdk.io/api v0.7.5
cosmossdk.io/client/v2 v2.0.0-00010101000000-000000000000
cosmossdk.io/core v0.11.0
cosmossdk.io/depinject v1.0.0-alpha.4
cosmossdk.io/core v0.11.1
cosmossdk.io/depinject v1.0.0
cosmossdk.io/errors v1.0.1
cosmossdk.io/log v1.3.1
cosmossdk.io/math v1.3.0
Expand All @@ -16,14 +16,14 @@ require (
cosmossdk.io/x/evidence v0.1.1
cosmossdk.io/x/feegrant v0.1.1
cosmossdk.io/x/nft v0.1.1
cosmossdk.io/x/tx v0.13.3
cosmossdk.io/x/upgrade v0.1.3
cosmossdk.io/x/tx v0.13.4
cosmossdk.io/x/upgrade v0.1.4
github.com/client9/misspell v0.3.4
github.com/cometbft/cometbft v0.38.8
github.com/cometbft/cometbft v0.38.11
github.com/cosmos/cosmos-db v1.0.2
github.com/cosmos/cosmos-proto v1.0.0-beta.5
github.com/cosmos/cosmos-sdk v0.50.7
github.com/cosmos/gogoproto v1.5.0
github.com/cosmos/cosmos-sdk v0.50.9
github.com/cosmos/gogoproto v1.6.0
github.com/golang/protobuf v1.5.4
github.com/golangci/golangci-lint v1.59.1
github.com/grpc-ecosystem/grpc-gateway v1.16.0
Expand All @@ -33,9 +33,9 @@ require (
github.com/spf13/viper v1.19.0
github.com/stretchr/testify v1.9.0
github.com/vektra/mockery/v2 v2.43.2
golang.org/x/tools v0.22.0
golang.org/x/tools v0.24.0
google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3
google.golang.org/grpc v1.64.1
google.golang.org/grpc v1.65.0
google.golang.org/protobuf v1.34.2
mvdan.cc/gofumpt v0.6.0
pgregory.net/rapid v1.1.0
Expand Down Expand Up @@ -222,7 +222,6 @@ require (
github.com/ldez/tagliatelle v0.5.0 // indirect
github.com/leonklingele/grouper v1.1.2 // indirect
github.com/lib/pq v1.10.9 // indirect
github.com/libp2p/go-buffer-pool v0.1.0 // indirect
github.com/linxGnu/grocksdb v1.8.14 // indirect
github.com/lufeee/execinquery v1.2.1 // indirect
github.com/macabu/inamedparam v0.1.3 // indirect
Expand Down Expand Up @@ -323,20 +322,20 @@ require (
go.uber.org/automaxprocs v1.5.3 // indirect
go.uber.org/multierr v1.10.0 // indirect
go.uber.org/zap v1.24.0 // indirect
golang.org/x/crypto v0.24.0 // indirect
golang.org/x/crypto v0.26.0 // indirect
golang.org/x/exp v0.0.0-20240404231335-c0f41cb1a7a0 // indirect
golang.org/x/exp/typeparams v0.0.0-20240314144324-c7f7c6466f7f // indirect
golang.org/x/mod v0.18.0 // indirect
golang.org/x/net v0.26.0 // indirect
golang.org/x/mod v0.20.0 // indirect
golang.org/x/net v0.28.0 // indirect
golang.org/x/oauth2 v0.20.0 // indirect
golang.org/x/sync v0.7.0 // indirect
golang.org/x/sys v0.21.0 // indirect
golang.org/x/term v0.21.0 // indirect
golang.org/x/text v0.16.0 // indirect
golang.org/x/sync v0.8.0 // indirect
golang.org/x/sys v0.23.0 // indirect
golang.org/x/term v0.23.0 // indirect
golang.org/x/text v0.17.0 // indirect
golang.org/x/time v0.5.0 // indirect
google.golang.org/api v0.180.0 // indirect
google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240709173604-40e1e62336c5 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
Expand Down
70 changes: 34 additions & 36 deletions go.sum

Large diffs are not rendered by default.

10 changes: 9 additions & 1 deletion tests/app/ante.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ import (
// AnteHandlerOptions are the options required for constructing an SDK AnteHandler with the fee market injected.
type AnteHandlerOptions struct {
BaseOptions authante.HandlerOptions
BankKeeper feemarketante.BankKeeper
AccountKeeper feemarketante.AccountKeeper
FeeMarketKeeper feemarketante.FeeMarketKeeper
}
Expand All @@ -26,7 +27,7 @@ func NewAnteHandler(options AnteHandlerOptions) (sdk.AnteHandler, error) {
}

if options.BaseOptions.BankKeeper == nil {
return nil, errorsmod.Wrap(sdkerrors.ErrLogic, "bank keeper is required for ante builder")
return nil, errorsmod.Wrap(sdkerrors.ErrLogic, "base options bank keeper is required for ante builder")
}

if options.BaseOptions.SignModeHandler == nil {
Expand All @@ -37,6 +38,10 @@ func NewAnteHandler(options AnteHandlerOptions) (sdk.AnteHandler, error) {
return nil, errorsmod.Wrap(sdkerrors.ErrLogic, "feemarket keeper is required for ante builder")
}

if options.BankKeeper == nil {
return nil, errorsmod.Wrap(sdkerrors.ErrLogic, "bank keeper keeper is required for ante builder")
}

anteDecorators := []sdk.AnteDecorator{
authante.NewSetUpContextDecorator(), // outermost AnteDecorator. SetUpContext must be called first
authante.NewExtensionOptionsDecorator(options.BaseOptions.ExtensionOptionChecker),
Expand All @@ -45,6 +50,9 @@ func NewAnteHandler(options AnteHandlerOptions) (sdk.AnteHandler, error) {
authante.NewValidateMemoDecorator(options.AccountKeeper),
authante.NewConsumeGasForTxSizeDecorator(options.AccountKeeper),
feemarketante.NewFeeMarketCheckDecorator( // fee market check replaces fee deduct decorator
options.AccountKeeper,
options.BankKeeper,
options.BaseOptions.FeegrantKeeper,
options.FeeMarketKeeper,
authante.NewDeductFeeDecorator(
options.AccountKeeper,
Expand Down
2 changes: 1 addition & 1 deletion tests/app/app.go
Original file line number Diff line number Diff line change
Expand Up @@ -520,6 +520,7 @@ func NewSimApp(
anteOptions := AnteHandlerOptions{
BaseOptions: anteHandlerOptions,
AccountKeeper: app.AccountKeeper,
BankKeeper: app.BankKeeper,
FeeMarketKeeper: app.FeeMarketKeeper,
}
anteHandler, err := NewAnteHandler(anteOptions)
Expand All @@ -530,7 +531,6 @@ func NewSimApp(
postHandlerOptions := PostHandlerOptions{
AccountKeeper: app.AccountKeeper,
BankKeeper: app.BankKeeper,
FeeGrantKeeper: app.FeeGrantKeeper,
FeeMarketKeeper: app.FeeMarketKeeper,
}
postHandler, err := NewPostHandler(postHandlerOptions)
Expand Down
14 changes: 6 additions & 8 deletions tests/app/feemarketd/cmd/commands.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,16 +5,10 @@ import (
"io"
"os"

"github.com/skip-mev/feemarket/tests/app"

cmtcfg "github.com/cometbft/cometbft/config"
dbm "github.com/cosmos/cosmos-db"
"github.com/spf13/cobra"
"github.com/spf13/viper"

"cosmossdk.io/log"
confixcmd "cosmossdk.io/tools/confix/cmd"

cmtcfg "github.com/cometbft/cometbft/config"
dbm "github.com/cosmos/cosmos-db"
"github.com/cosmos/cosmos-sdk/client"
"github.com/cosmos/cosmos-sdk/client/debug"
"github.com/cosmos/cosmos-sdk/client/flags"
Expand All @@ -30,6 +24,10 @@ import (
authcmd "github.com/cosmos/cosmos-sdk/x/auth/client/cli"
"github.com/cosmos/cosmos-sdk/x/crisis"
genutilcli "github.com/cosmos/cosmos-sdk/x/genutil/client/cli"
"github.com/spf13/cobra"
"github.com/spf13/viper"

"github.com/skip-mev/feemarket/tests/app"
)

// initCometBFTConfig helps to override default CometBFT Config values.
Expand Down
2 changes: 0 additions & 2 deletions tests/app/post.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@ type PostHandlerOptions struct {
AccountKeeper feemarketpost.AccountKeeper
BankKeeper feemarketpost.BankKeeper
FeeMarketKeeper feemarketpost.FeeMarketKeeper
FeeGrantKeeper feemarketpost.FeeGrantKeeper
}

// NewPostHandler returns a PostHandler chain with the fee deduct decorator.
Expand All @@ -34,7 +33,6 @@ func NewPostHandler(options PostHandlerOptions) (sdk.PostHandler, error) {
feemarketpost.NewFeeMarketDeductDecorator(
options.AccountKeeper,
options.BankKeeper,
options.FeeGrantKeeper,
options.FeeMarketKeeper,
),
}
Expand Down
67 changes: 60 additions & 7 deletions tests/e2e/setup.go
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ func (s *TestSuite) QueryParams() types.Params {
cc, err := grpc.NewClient(grpcAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
s.Require().NoError(err)

// create the oracle client
// create the feemarket client
c := types.NewQueryClient(cc)

resp, err := c.Params(context.Background(), &types.ParamsRequest{})
Expand All @@ -91,6 +91,29 @@ func (s *TestSuite) QueryParams() types.Params {
return resp.Params
}

func (s *TestSuite) QueryBalance(user ibc.Wallet) sdk.Coin {
s.T().Helper()

// get grpc address
grpcAddr := s.chain.GetHostGRPCAddress()

// create the client
cc, err := grpc.NewClient(grpcAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
s.Require().NoError(err)

// create the bank client
c := banktypes.NewQueryClient(cc)

resp, err := c.Balance(context.Background(), &banktypes.QueryBalanceRequest{
Address: user.FormattedAddress(),
Denom: defaultDenom,
})
s.Require().NoError(err)
s.Require().NotNil(*resp.Balance)

return *resp.Balance
}

func (s *TestSuite) QueryState() types.State {
s.T().Helper()

Expand All @@ -100,7 +123,7 @@ func (s *TestSuite) QueryState() types.State {
cc, err := grpc.NewClient(grpcAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
s.Require().NoError(err)

// create the oracle client
// create the feemarket client
c := types.NewQueryClient(cc)

resp, err := c.State(context.Background(), &types.StateRequest{})
Expand All @@ -119,7 +142,7 @@ func (s *TestSuite) QueryDefaultGasPrice() sdk.DecCoin {
cc, err := grpc.NewClient(grpcAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
s.Require().NoError(err)

// create the oracle client
// create the feemarket client
c := types.NewQueryClient(cc)

resp, err := c.GasPrice(context.Background(), &types.GasPriceRequest{
Expand Down Expand Up @@ -339,13 +362,32 @@ func (s *TestSuite) SendCoinsMultiBroadcast(ctx context.Context, sender, receive
}
}

tx := s.CreateTx(s.chain, sender, fees.String(), gas, msgs...)
tx := s.CreateTx(s.chain, sender, fees.String(), gas, false, msgs...)

// get an rpc endpoint for the chain
c := s.chain.Nodes()[0].Client
return c.BroadcastTxCommit(ctx, tx)
}

func (s *TestSuite) SendCoinsMultiBroadcastAsync(ctx context.Context, sender, receiver ibc.Wallet, amt, fees sdk.Coins,
gas int64, numMsg int, bumpSequence bool,
) (*coretypes.ResultBroadcastTx, error) {
msgs := make([]sdk.Msg, numMsg)
for i := 0; i < numMsg; i++ {
msgs[i] = &banktypes.MsgSend{
FromAddress: sender.FormattedAddress(),
ToAddress: receiver.FormattedAddress(),
Amount: amt,
}
}

tx := s.CreateTx(s.chain, sender, fees.String(), gas, bumpSequence, msgs...)

// get an rpc endpoint for the chain
c := s.chain.Nodes()[0].Client
return c.BroadcastTxAsync(ctx, tx)
}

// SendCoins creates a executes a SendCoins message and broadcasts the transaction.
func (s *TestSuite) SendCoins(ctx context.Context, keyName, sender, receiver string, amt, fees sdk.Coins, gas int64) (string, error) {
resp, err := s.ExecTx(
Expand Down Expand Up @@ -383,7 +425,14 @@ func (s *TestSuite) GetAndFundTestUserWithMnemonic(
return nil, fmt.Errorf("failed to get source user wallet: %w", err)
}

_, err = s.SendCoins(
s.FundUser(ctx, chain, amount, user)
return user, nil
}

func (s *TestSuite) FundUser(ctx context.Context, chain ibc.Chain, amount int64, user ibc.Wallet) {
chainCfg := chain.Config()

_, err := s.SendCoins(
ctx,
interchaintest.FaucetAccountKeyName,
interchaintest.FaucetAccountKeyName,
Expand All @@ -393,7 +442,6 @@ func (s *TestSuite) GetAndFundTestUserWithMnemonic(
1000000,
)
s.Require().NoError(err, "failed to get funds from faucet")
return user, nil
}

// GetAndFundTestUsers generates and funds chain users with the native chain denom.
Expand Down Expand Up @@ -433,7 +481,9 @@ func (s *TestSuite) ExecTx(ctx context.Context, chain *cosmos.CosmosChain, keyNa
}

// CreateTx creates a new transaction to be signed by the given user, including a provided set of messages
func (s *TestSuite) CreateTx(chain *cosmos.CosmosChain, user cosmos.User, fee string, gas int64, msgs ...sdk.Msg) []byte {
func (s *TestSuite) CreateTx(chain *cosmos.CosmosChain, user cosmos.User, fee string, gas int64,
bumpSequence bool, msgs ...sdk.Msg,
) []byte {
bc := cosmos.NewBroadcaster(s.T(), chain)

ctx := context.Background()
Expand All @@ -457,6 +507,9 @@ func (s *TestSuite) CreateTx(chain *cosmos.CosmosChain, user cosmos.User, fee st

// update sequence number
txf = txf.WithSequence(txf.Sequence())
if bumpSequence {
txf = txf.WithSequence(txf.Sequence() + 1)
}

// sign the tx
txBuilder, err := txf.BuildUnsignedTx(msgs...)
Expand Down
Loading
Loading