Fix: Prevent gas charging before GetAllowance in MultiAnyAllowance vulnerability #407
Closed
This pull request updates the project version from v21.0.0 to v22.0.0 across the codebase and documentation to reflect the new release. The most important changes are grouped below:

Version bump and upgrade handler:

* Updated the `UpgradeName` constant in `app/upgrades.go` from `"v21"` to `"v22"` to prepare for the new upgrade cycle.

Documentation updates:

* Updated the API version in `client/docs/config.yaml` from `v21.0.0` to `v22.0.0` to match the new release.
* Updated the version in `client/docs/static/openapi.json` from `v21.0.0` to `v22.0.0`.
* Updated the version in `client/docs/static/swagger.json` from `v21.0.0` to `v22.0.0`.

This pull request updates the codebase and documentation for the next major release (v22) and improves JWT claim handling to prevent panics and ensure robust claim processing. The most important changes are grouped below:

## Version Upgrade

* Updated the upgrade name constant in `app/upgrades.go` from `v21` to `v22` to reflect the new release version.
* Updated API documentation version to `v22.0.0` in `client/docs/config.yaml`, `client/docs/static/openapi.json`, and `client/docs/static/swagger.json`.

## JWT Claim Handling Improvements

* Enhanced the JWT validation logic in `x/jwk/keeper/query_validate_jwt.go` to robustly handle non-string private claims: now all claim values are stringified using type checks, JSON marshaling, or fallback formatting, preventing panics and ensuring claims are returned as strings.
* Added a regression test in `x/jwk/keeper/query_test.go` to verify that non-string private claims do not cause panics and are properly stringified in JWT validation responses.
* Added necessary imports for JSON and formatting in `x/jwk/keeper/query_validate_jwt.go` to support the improved claim stringification logic.

This pull request introduces several improvements and fixes across integration tests, coverage reporting scripts, dependency management, and core logic. The most significant changes include enhanced integration test coverage for message encoding bugs, stricter global fee bypass gas limit enforcement, and updates to coverage reporting thresholds. Additionally, there are dependency cleanups and additions for better test reliability.

**Integration test improvements:**

* Added `TestMsgSetPlatformMinimumCodecBug` to `integration_tests/minimum_fee_test.go` to verify that `MsgSetPlatformMinimum` correctly implements all required methods and encodes/decodes as expected, addressing a prior security report.
* Improved `TestWebAuthNAbstractAccount` in `integration_tests/webauthn_test.go` by ensuring block commitment before transactions and using deterministic assertions for balance checks.

**Global fee logic and tests:**

* Added new test cases to `TestGlobalFeeSetAnteHandler` in `x/globalfee/ante/antetest/fee_test.go` to enforce and validate the maximum bypass gas limit, ensuring excessive gas usage fails as expected and boundary cases pass.

**Coverage reporting enhancements:**

* Updated `scripts/test-coverage.sh` to raise the threshold for "OK" coverage to 80%, merge low and zero coverage reporting (now <=80%), and clarify output messages for coverage validation.

**Dependency management:**

* Removed unused indirect dependencies from `go.mod` and added/testing new ones in `integration_tests/go.mod` for improved reliability and compatibility.

**Minor codebase cleanups:**

* Removed obsolete comments and improved import statements for clarity and correctness in various files.

---------

Signed-off-by: TwiceBurnt <[email protected]>
Co-authored-by: Copilot <[email protected]>

…ing (#377)

This pull request adds support for deleting audience claims via the CLI, along with comprehensive test coverage for the new command. The main changes include introducing the `CmdDeleteAudienceClaim` command, updating the transaction command registry, and extending the test suite to validate argument handling and command behavior.

### New CLI command for deleting audience claims

* Added `CmdDeleteAudienceClaim` function to `tx_audience.go`, allowing users to delete an audience claim by specifying the audience identifier. The implementation includes argument validation, message creation, and transaction broadcasting.

### Command registration

* Registered the new `delete-audience-claim` command in the transaction command group within `tx.go`, making it available in the CLI tool.

### Test coverage for delete audience claim command

* Added tests to verify command metadata and argument validation for `delete-audience-claim` in `cli_test.go`. This ensures correct command registration and error handling for missing or invalid arguments.
* Extended transaction command tests to include scenarios for deleting audience claims, verifying integration with the CLI.
* Added a new test function, `TestDeleteAudienceClaimVariants`, to cover validation errors and context handling for the delete audience claim command.

This pull request improves the handling of platform fee calculations in the `msg_server.go` file by introducing overflow-safe arithmetic. The main enhancement is the use of big integer math to prevent overflow when calculating platform fees for large coin amounts, ensuring correct and safe fee deduction.

**Overflow-safe platform fee calculation:**

* Updated the platform fee calculation logic in both the `Send` and `MultiSend` message handlers to use big integer arithmetic when coin amounts are too large for standard multiplication, preventing overflow and ensuring accurate fee computation.
* Added import of the `math/big` package to support big integer operations for fee calculations.

**Testing:**

* Minor formatting change in the `TestMsgServer_MultiSend_HighPlatformFee` test to maintain code style consistency.

---------

Co-authored-by: Eduardo Diaz <[email protected]>

This pull request introduces a critical security improvement to the application's block processing and addresses a potential gas-related vulnerability in the JWK module. The main changes include adding panic recovery to the `BeginBlocker` to prevent validator shutdowns from malicious WASM contract panics, and ensuring consistent gas consumption between audience creation operations to mitigate spam attacks.

**Security improvements:**

* Added panic recovery to the `BeginBlocker` in `app/app.go` to prevent network shutdown from malicious WASM contracts that panic during execution. This logs the panic and stack trace, allowing the validator to continue running instead of crashing.
* Imported the `runtime/debug` package in `app/app.go` to support stack trace logging in the panic recovery logic.

**Gas consistency and anti-spam protections:**

* Added extra gas consumption to the `CreateAudience` method in `x/jwk/keeper/msg_server_audience.go` to disincentivize spamming by charging a deployment gas penalty for audience creation.
* Added a new test `TestGasConsistency` in `x/jwk/keeper/gas_consistency_test.go` to verify that `CreateAudienceClaim` and `CreateAudience` consume similar amounts of gas, preventing exploitation of gas cost differences for spam attacks.

This pull request introduces comprehensive documentation for the XION module and clarifies the security boundaries of its WebAuthn utilities. The new README provides an overview of the module's architecture, features, and usage, while inline comments in `grpc_query.go` emphasize that WebAuthn functions only perform cryptographic validation and do not grant account access or authorization. These changes help developers understand both the technical and security aspects of the XION module.

**Documentation Improvements:**

* Added a detailed `README.md` for the `x/xion` module, covering platform fee management, WebAuthn signature validation, Abstract Account architecture, integration points, governance, security model, and testing instructions.

**Security Clarifications:**

* Added explicit comments to `WebAuthNVerifyRegister` in `grpc_query.go` to clarify that the function only performs cryptographic validation and does not grant permissions or access to accounts; authorization occurs at the contract level.
* Added explicit comments to `WebAuthNVerifyAuthenticate` in `grpc_query.go` to clarify that the function does not provide authentication or authorization, but only validates assertions cryptographically.

Fix: Set reasonable IBC packet forwarding hop limit

Problem:
XION's IBC packet forwarding middleware was configured with a hop limit of 0, which allows unlimited hops in multi-hop IBC transfers. While not a critical vulnerability (due to built-in IBC timeout protections), this configuration could allow unnecessarily long forwarding chains that consume more network resources than needed.

Solution:
Set the hop limit to 10 in the packet forwarding middleware configuration. This provides:
✅ Sufficient hops for virtually all legitimate multi-hop IBC transfer scenarios
✅ Reasonable resource protection against excessively long forwarding chains
✅ Clear operational boundaries for packet forwarding
✅ Following security best practices for resource management

Changes:
No breaking changes - 10 hops is more than adequate for normal multi-hop transfers
Improved resource management and operational clarity
Better defense against potential misuse of the forwarding system

Testing:
Existing IBC integration tests continue to pass, confirming no functional impact on normal operations.

This pull request updates dependency versions in both the main project and the integration tests, focusing on keeping libraries up-to-date and ensuring compatibility, especially for JWT and JWK handling. The most important changes are grouped below by theme.

**Dependency Upgrades (Core and Integration Tests):**

* Upgraded several core dependencies in `go.mod`, including `cosmossdk.io/client/v2`, `cosmossdk.io/x/nft`, `github.com/cosmos/rosetta`, `github.com/dvsekhvalnov/jose2go`, `github.com/lestrrat-go/jwx/v2`, `github.com/prometheus/client_golang`, `google.golang.org/grpc`, and `google.golang.org/protobuf`, among others. These upgrades address bug fixes, security patches, and new features.
* Updated dependencies in `integration_tests/go.mod`, aligning versions with the main project and upgrading key libraries such as `github.com/lestrrat-go/jwx/v2`, `github.com/dvsekhvalnov/jose2go`, and `google.golang.org/protobuf`.

**JWT/JWK Handling Improvements:**

* Refactored imports in integration test files to use the new `github.com/lestrrat-go/jwx/v2/jwk` path, ensuring compatibility with the updated JWK library.
* Updated JWK handling code in integration tests to use `jwk.FromRaw` instead of the deprecated `jwk.New` constructor, following the new library API.

These changes collectively improve code reliability, maintainability, and compatibility with the latest upstream libraries.

---------

Signed-off-by: TwiceBurnt <[email protected]>

This pull request strengthens the fee validation logic for bypass-type transactions and adds comprehensive tests to ensure correct enforcement of gas limits and fee denomination rules. Now, bypass-type messages are only exempt from minimum fee checks if their gas usage stays within a configured cap, and any fees provided must use allowed denominations when global fees are set.

**Fee validation enhancements:**

* Enforces a maximum gas usage cap (`MaxTotalBypassMinFeeMsgGasUsage`) for bypass-type messages in `FeeDecorator.AnteHandle`. Transactions exceeding this cap must pay fees according to normal rules.
* Validates that any fees provided for bypass-type transactions use only allowed denominations when global fees are configured, rejecting transactions with unapproved fee denominations.

**Test coverage improvements:**

* Adds `TestAnteHandle_BypassGasCap` to verify that bypass-type transactions are only exempt from fee checks when their gas usage is within the cap, and that exceeding the cap enforces fees.
* Adds `TestAnteHandle_BypassGasCap_DefaultCapAndLargeGas` to confirm default cap behavior and enforcement for large gas transactions.
* Adds `TestAnteHandle_BypassOverCap_CombinesLocalAndGlobalFees` to ensure that when bypass-type transactions exceed the gas cap, the required minimum fees correctly combine local and global fee rules.

- Remove client/ts directory and all TypeScript package code
- Remove proto-gen-ts target from Makefile
- Remove TypeScript generation from proto-gen.sh script
- Remove publish-types.yaml GitHub Actions workflow
- Remove buf.gen.ts.yaml and buf.gen.js.yaml proto generation configs

TypeScript types package will be maintained in a separate [repository](https://github.com/burnt-labs/xion-types)

---------

Co-authored-by: 2xburnt <[email protected]>

…390)

Task : https://linear.app/burnt/issue/DO-99/automate-xion-types-typescript-package-releasing

- When the release event is of type 'released', it triggers only the first step of xion-types pipeline which is the generation of protobufs
- When the box is ticked and the release is set to latest [release event of published type] the whole xion-types pipeline will run
- NOTE: in order to test it, I have commented the actual NPM publish action in xion-types.

---------

Co-authored-by: TwiceBurnt <[email protected]>

…392)

-> client-payload logic description <-

- Checks if it's a pre-release: github.event.release.prerelease == true
  - if the release is marked as a pre-release, it sets release_type to 'prerelease'
- If not a pre-release, checks for latest release: github.event.release.prerelease == false && github.event.release.draft == false && github.event.release.make_latest == 'true'
  - ensures it's not a pre-release, not a draft, and is marked as the latest release
- Sets latest tag: If all the above conditions are true, it sets release_type to 'latest'
- Fallback to published: If none of the above conditions are met, it sets release_type to 'published'

---------

Signed-off-by: TwiceBurnt <[email protected]>
Co-authored-by: TwiceBurnt <[email protected]>

…394)

This pull request updates the OpenAPI and Swagger documentation for several JWT-related endpoints and response types, and improves the protobuf build process. The main changes include adding descriptive `summary` fields to API endpoints, introducing `title` metadata to several response and object schemas for clarity, and updating the protobuf build targets in the `Makefile` to ensure more comprehensive code generation and validation.

**API Documentation Improvements:**

* Added `summary` fields to multiple endpoints in `openapi.json` and `swagger.json`, such as `/xion/globalfee/v1/params`, `/xion/jwk/audience`, and `/xion/jwk/audience_claim/{hash}`, providing concise descriptions of their functionality.

**Schema and Response Type Enhancements:**

* Added `title` metadata to many object and response schemas, such as `Audience`, `AudienceClaim`, `PrivateClaim`, `QueryAudienceAllResponse`, `QueryAudienceResponse`, and `QueryAudienceClaimResponse`, for improved clarity in generated documentation.

**Protobuf Build Process Updates:**

* Modified the `proto-all` target in the `Makefile` to include `proto-gen-openapi` and `proto-check-breaking`, ensuring OpenAPI specs are generated and breaking changes are checked during builds.

These changes collectively improve the developer experience by making the API documentation more descriptive and the build process more robust.

---------

Co-authored-by: Justin <[email protected]>

This pull request introduces generated gRPC service code for the `feeabs` module in the Xion blockchain project, specifically for both query and transaction interfaces. Additionally, it updates the build system to support Protobuf generation for Pulsar. These changes enable programmatic access to feeabs module features via gRPC, facilitating integration and automation.

### gRPC Service Code Generation

* Added `api/xion/feeabs/v1beta1/query_grpc.pb.go` to provide the gRPC client and server interfaces for querying feeabs module data, including spot price, module balances, and host chain configuration.
* Added `api/xion/feeabs/v1beta1/tx_grpc.pb.go` to provide the gRPC client and server interfaces for feeabs module transactions, such as sending queries, cross-chain swaps, funding, parameter updates, and host zone management.

### Build System Enhancement

* Updated `Makefile` to add a new `proto-gen-pulsar` target, enabling Protobuf code generation for Pulsar via a dedicated script.

---------

Signed-off-by: TwiceBurnt <[email protected]>
Co-authored-by: Justin <[email protected]>

- [x] Extend the integration test treasury to replicate the UX.
- [x] Update treasury contract to latest version
- [x] Update CMD, to reflect updated treasury contract.

---------

Co-authored-by: TwiceBurnt <[email protected]>

This pull request updates the protobuf generation workflow and documentation configuration to improve maintainability and clarity. The main changes involve refactoring how OpenAPI documentation is generated, updating dependency management, and cleaning up configuration files.

**Protobuf and Documentation Workflow Updates:**

* The `proto-all` target in the `Makefile` now directly calls the `proto-gen.sh` script with specific flags for gogo, docs, openapi, and pulsar generation, streamlining the workflow and making it more explicit.
* The script `proto-gen.sh` now supports a `--docs` flag, and the OpenAPI documentation generation (`gen_swagger`) uses the updated `buf.gen.openapi.yaml` template instead of the old `buf.gen.docs.yaml`, ensuring correct configuration and consistency.

**Configuration and Dependency Management:**

* The protobuf documentation configuration has been consolidated and updated: `buf.gen.docs.yaml` was removed, and its contents were merged into `buf.gen.openapi.yaml` with correct plugin usage and options.
* Dependency management in `proto-gen.sh` is now explicit, listing all required dependencies and only downloading those, which improves reproducibility and reduces unnecessary downloads.

**Codebase Cleanup:**

* Minor cleanup was performed in `proto-gen.sh`, such as removing unused code and improving function organization for better readability and maintainability.

This pull request introduces several improvements and fixes to the protobuf and gRPC interfaces for the feeabs module, as well as enhancements to the build pipeline for protobuf files. The main changes include the addition of new fields to protobuf message types for better documentation, refactoring and clarifying enum values, correcting request/response type names in gRPC service definitions, and improving the developer experience with more informative build output.

**Protobuf and gRPC API Improvements**

* Refactored the `HostChainFeeAbsStatus` enum in `proposal.pulsar.go` to use explicit, descriptive names and added an `UNSPECIFIED` status. Also updated the default return value in `GetStatus()` to `UNSPECIFIED` for clearer semantics.
* Added documentation comments to several protobuf message fields, including `ExponentialBackoff`, `GenesisState`, `MsgFundFeeAbsModuleAccount`, `MsgSwapCrossChain`, and `MsgRemoveHostZone`, to clarify their purpose and improve maintainability.

**gRPC Service Definition Fixes**

* Corrected request and response type names in the `QueryClient` and `QueryServer` interfaces and their implementations for `FeeabsModuleBalances` and `AllHostChainConfig` methods to ensure consistency with the actual protobuf message names.

**Protobuf Build Pipeline Enhancements**

* Improved the `Makefile` protobuf build pipeline by adding clear, emoji-marked status messages for each step (generation, formatting, linting, breaking change checks), making build output easier to follow and debug.

**gRPC API Expansion**

* Added new methods to the `MsgClient` interface for managing host zone configurations: `AddHostZone`, `UpdateHostZone`, and `RemoveHostZone`.

---------

Signed-off-by: TwiceBurnt <[email protected]>

Fixed the name difference in the build-release step in create-release.yaml

It needs to be https://github.com/burnt-labs/xion/blob/workflows/main/.github/workflows/exec-goreleaser.yaml

Check the failed run: https://github.com/burnt-labs/xion/actions/runs/17915984497

…ished (#402)

Task : https://linear.app/burnt/issue/DO-99/automate-xion-types-typescript-package-releasing

- When the release event is of type 'released', it triggers only the first step of xion-types pipeline which is the generation of protobufs
- When the box is ticked and the release is set to latest [release event of published type] the whole xion-types pipeline will run
- NOTE: in order to test it, I have commented the actual NPM publish action in xion-types.

---------

Signed-off-by: TwiceBurnt <[email protected]>
Co-authored-by: TwiceBurnt <[email protected]>

…ted] (#403)

-> client-payload logic description <-

- Checks if it's a pre-release: github.event.release.prerelease == true
  - if the release is marked as a pre-release, it sets release_type to 'prerelease'
- If not a pre-release, checks for latest release: github.event.release.prerelease == false && github.event.release.draft == false && github.event.release.make_latest == 'true'
  - ensures it's not a pre-release, not a draft, and is marked as the latest release
- Sets latest tag: If all the above conditions are true, it sets release_type to 'latest'
- Fallback to published: If none of the above conditions are met, it sets release_type to 'published'

---------

Signed-off-by: TwiceBurnt <[email protected]>
Co-authored-by: TwiceBurnt <[email protected]>

This pull request introduces a new resource leak test for the block lifecycle and updates a wide range of dependencies in both the main and integration test `go.mod` files. The changes are primarily focused on improving test coverage for resource leaks and keeping the project up-to-date with the latest upstream libraries.

### Testing improvements

* Added `app/vulnerability_test.go` with a new `TestBlockLifecycleResourceLeak` test to detect goroutine and memory leaks during block lifecycle operations. The test runs multiple iterations, tracks resource usage, and outputs stack traces when leaks are detected.

### Dependency updates (main `go.mod`)

* Updated many direct and indirect dependencies, including major upgrades for `github.com/CosmWasm/wasmd`, `github.com/CosmWasm/wasmvm/v3`, `github.com/cosmos/rosetta`, `github.com/dvsekhvalnov/jose2go`, `github.com/go-webauthn/webauthn`, `github.com/lestrrat-go/jwx/v2`, `github.com/prometheus/client_golang`, and others to their latest versions. This helps ensure compatibility, security, and access to new features.

### Dependency updates (integration tests)

* Updated integration test dependencies to match the latest versions, including `github.com/CosmWasm/wasmd`, `github.com/go-webauthn/webauthn`, `cloud.google.com/go`, and AWS SDK modules. This keeps integration tests consistent with the main codebase and upstream changes.

Fixes vulnerability where gas was charged before calling GetAllowance(), allowing attackers to force validators to consume excessive gas for minimal fees by crafting transactions with many failing allowances.

Changes:
- Move gas consumption to after successful GetAllowance() calls
- Add comprehensive tests demonstrating vulnerability and fix
- Preserve existing functionality for legitimate use cases

Security Impact:
- Eliminates DoS vector via economic gas/fee mismatch
- Ensures fair gas accounting for failed operations
- Prevents validators from working beyond intended parameters

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>

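As an added illustration of the ordering the commit message describes (constructed for this page, not xion's or the Cosmos SDK's own code): a fallback-style allowance loops over its sub-allowances and charges gas per attempt, shown with the gas charge placed before the `GetAllowance` lookup and then after a successful one, with a toy gas meter measuring what each ordering consumes. The `gasPerAllowance` cost, the `allowanceStore` lookup and the granter/grantee keys are all assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// gasPerAllowance is an assumed per-attempt cost (constructed value, not the
// real module's parameter).
const gasPerAllowance uint64 = 1000

var errNoAllowance = errors.New("no usable allowance")

// gasMeter is a minimal stand-in for the SDK gas meter: it only counts.
type gasMeter struct{ consumed uint64 }

func (g *gasMeter) consume(amount uint64) { g.consumed += amount }

// allowanceStore is a constructed stand-in for the keeper-side lookup that
// GetAllowance performs, keyed by "granter/grantee"; absent keys fail.
type allowanceStore map[string]struct{}

func (s allowanceStore) GetAllowance(granter, grantee string) error {
	if _, ok := s[granter+"/"+grantee]; !ok {
		return fmt.Errorf("%s/%s: %w", granter, grantee, errNoAllowance)
	}
	return nil
}

// subAllowance is one candidate inside a multi-allowance (hypothetical shape).
type subAllowance struct{ granter, grantee string }

// acceptVulnerable models the pre-fix ordering: gas is charged BEFORE the
// lookup, so every sub-allowance that fails still costs the validator gas,
// and a transaction built from many failing candidates burns gas in
// proportion to their number without ever being accepted.
func acceptVulnerable(gm *gasMeter, store allowanceStore, subs []subAllowance) error {
	for _, s := range subs {
		gm.consume(gasPerAllowance)
		if err := store.GetAllowance(s.granter, s.grantee); err != nil {
			continue // fall through to the next candidate
		}
		return nil // accepted on this candidate
	}
	return errNoAllowance
}

// acceptFixed models the post-fix ordering: gas is charged only AFTER
// GetAllowance succeeds, so failed lookups cost nothing and the gas consumed
// tracks the work that actually produced an accepted allowance.
func acceptFixed(gm *gasMeter, store allowanceStore, subs []subAllowance) error {
	for _, s := range subs {
		if err := store.GetAllowance(s.granter, s.grantee); err != nil {
			continue
		}
		gm.consume(gasPerAllowance)
		return nil
	}
	return errNoAllowance
}

// compare runs both orderings over the same candidate list with fresh meters
// and returns the gas each one consumed, so the effect of moving the charge
// is directly measurable.
func compare(store allowanceStore, subs []subAllowance) (vulnerable, fixed uint64) {
	vm, fm := &gasMeter{}, &gasMeter{}
	_ = acceptVulnerable(vm, store, subs)
	_ = acceptFixed(fm, store, subs)
	return vm.consumed, fm.consumed
}

func main() {
	// Constructed store with a single valid grant.
	store := allowanceStore{"granter-ok/grantee": {}}

	// Candidates that all fail the lookup: only the pre-fix ordering pays.
	var failing []subAllowance
	for i := 0; i < 50; i++ {
		failing = append(failing, subAllowance{fmt.Sprintf("bogus-%d", i), "grantee"})
	}
	v, f := compare(store, failing)
	fmt.Printf("all-failing candidates: vulnerable=%d gas, fixed=%d gas\n", v, f)

	// Legitimate use: the valid grant is found, both orderings charge once.
	v, f = compare(store, []subAllowance{{"granter-ok", "grantee"}})
	fmt.Printf("legitimate candidate:   vulnerable=%d gas, fixed=%d gas\n", v, f)
}
```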
Summary
Security Fixes
MultiAnyAllowance Gas Charging Vulnerability (CVE-like)
Bypass Messages Gas Limit Enforcement
Test Coverage
Additional Improvements
Security Impact
🤖 Generated with Claude Code