Conversation

2xburnt
Contributor

@2xburnt 2xburnt commented Sep 24, 2025

This pull request introduces significant improvements to the project's developer workflow and test coverage. The most important changes are the addition of comprehensive unit tests for the ante and post handler constructors, a major overhaul of the README.md to better document the Makefile targets and development process, and minor dependency import updates. These changes collectively enhance reliability, maintainability, and ease of onboarding for new contributors.

Testing improvements:

  • Added exhaustive unit tests in app/ante_test.go to validate error handling and coverage for NewAnteHandler and NewPostHandler, ensuring all configuration errors are caught and all code paths are exercised for 100% coverage.

Documentation and developer workflow:

  • Revamped the README.md to provide detailed documentation of Makefile targets, modular organization, prerequisites, and example workflows, making it easier for developers to understand and use the build and test system.
  • Updated the pre-commit hook in .husky/hooks/pre-commit to use make test-cover for consistency with the new Makefile-based workflow.

Dependency management:

  • Added missing imports in app/app_test.go to support new testing and API features, improving test reliability and code clarity.

2xburnt and others added 8 commits September 23, 2025 15:19

- Add MaxWebAuthDataSize constant (64KB) to prevent oversized payloads
- Add ErrWebAuthDataTooLarge error type for size validation failures
- Implement size validation in WebAuthNVerifyRegister and WebAuthNVerifyAuthenticate endpoints
- Add comprehensive tests for size limit validation
- Mitigates DoS vulnerability where attackers could send large CBOR payloads causing linear CPU/memory usage

Fixes vulnerability where gas was charged before calling GetAllowance(),
allowing attackers to force validators to consume excessive gas for
minimal fees by crafting transactions with many failing allowances.

Changes:
- Move gas consumption to after successful GetAllowance() calls
- Add comprehensive tests demonstrating vulnerability and fix
- Preserve existing functionality for legitimate use cases

Security Impact:
- Eliminates DoS vector via economic gas/fee mismatch
- Ensures fair gas accounting for failed operations
- Prevents validators from working beyond intended parameters

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>

This test addresses security report #52897 by verifying that MsgSetPlatformMinimum
can be submitted as a direct CLI transaction and properly processed by the network.

The test includes three comprehensive scenarios:
1. DirectCLITransaction: Validates message creation, serialization, and sdk.Msg interface
2. TransactionPipelineIntegration: Tests full transaction pipeline via governance
3. MessageBroadcastingAndProcessing: Verifies network compatibility and processing

This ensures the message works correctly in production transaction flows,
confirming the vulnerability has been resolved.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>
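The first commit above describes a size check placed in front of CBOR decoding. The following is an added example of that pattern, written for this page; it is not code from the PR or the project. It reuses the names from the commit message (MaxWebAuthDataSize, ErrWebAuthDataTooLarge) but the functions verifyUnbounded, verifyBounded, readBounded and the credentialData shape are hypothetical, and encoding/json stands in for the CBOR decoder so the block runs with the standard library alone. The point it shows is that the guard is O(1) and runs before any O(n) parsing, and that a streaming caller needs the same limit via io.LimitReader so it never buffers more than the cap:

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// MaxWebAuthDataSize mirrors the 64 KiB limit named in the commit message.
const MaxWebAuthDataSize = 64 * 1024

// ErrWebAuthDataTooLarge is returned before any decoding work is done.
var ErrWebAuthDataTooLarge = errors.New("webauthn data exceeds MaxWebAuthDataSize")

// credentialData is a hypothetical stand-in for the decoded attestation or
// assertion payload; the real handler decodes CBOR into a richer structure.
type credentialData struct {
	ID        string `json:"id"`
	RawID     []byte `json:"rawId"`
	Signature []byte `json:"signature"`
}

// checkSize is the guard: constant time, run before the linear-cost decoder.
func checkSize(data []byte) error {
	if len(data) > MaxWebAuthDataSize {
		return fmt.Errorf("%w: got %d bytes, limit %d",
			ErrWebAuthDataTooLarge, len(data), MaxWebAuthDataSize)
	}
	return nil
}

// verifyUnbounded models the pre-fix handler: it decodes first, so the work
// done per request scales with whatever the sender chooses to submit.
func verifyUnbounded(data []byte) (*credentialData, error) {
	var cd credentialData
	if err := json.Unmarshal(data, &cd); err != nil {
		return nil, err
	}
	return &cd, nil
}

// verifyBounded models the fix: oversized input is rejected before the
// decoder touches a single byte of it.
func verifyBounded(data []byte) (*credentialData, error) {
	if err := checkSize(data); err != nil {
		return nil, err
	}
	return verifyUnbounded(data)
}

// readBounded applies the same limit to a streaming source. Reading one byte
// past the cap is what lets it tell "exactly at the limit" from "over it"
// without ever buffering more than MaxWebAuthDataSize+1 bytes.
func readBounded(r io.Reader) ([]byte, error) {
	buf, err := io.ReadAll(io.LimitReader(r, MaxWebAuthDataSize+1))
	if err != nil {
		return nil, err
	}
	if len(buf) > MaxWebAuthDataSize {
		return nil, ErrWebAuthDataTooLarge
	}
	return buf, nil
}

// oversizedPayload is a constructed attacker input: syntactically valid, so
// the unbounded path happily decodes all of it, with the signature field
// padded to four times the limit (valid base64, so decoding succeeds).
func oversizedPayload() []byte {
	pad := bytes.Repeat([]byte("A"), MaxWebAuthDataSize*4)
	return []byte(fmt.Sprintf(`{"id":"cred-1","rawId":"AQID","signature":"%s"}`, pad))
}

func main() {
	small := []byte(`{"id":"cred-1","rawId":"AQID","signature":"AQID"}`)
	_, err := verifyBounded(small)
	fmt.Println("small payload error:", err)
	_, err = verifyBounded(oversizedPayload())
	fmt.Println("oversized payload error:", err)
}
```

Callers that receive the payload over the wire should prefer readBounded so the cap is enforced at the read, not only after the whole body has been buffered; the two checks compose, and both return the same sentinel so callers can use errors.Is.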
@2xburnt 2xburnt merged commit 3e897d2 into release/v22 Sep 29, 2025
61 of 62 checks passed
@2xburnt 2xburnt deleted the chore/release-v22-tests branch September 29, 2025 16:54