From a919fbf5cfaf00d074bbcb0df9b0b9d31111c264 Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Fri, 25 Feb 2022 10:44:23 +0100 Subject: [PATCH] fix: reject query with block height in the future (backport #11222) (#11266) * fix: reject query with block height in the future (#11222) Closes: #11220 Should be good to backport to older versions. --- *All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues.* I have... - [ ] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] added `!` to the type prefix if API or client breaking change - [ ] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#pr-targeting)) - [ ] provided a link to the relevant issue or specification - [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules) - [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#testing) - [ ] added a changelog entry to `CHANGELOG.md` - [ ] included comments for [documenting Go code](https://blog.golang.org/godoc) - [ ] updated the relevant documentation or specification - [ ] reviewed "Files changed" and left comments if necessary - [ ] confirmed all CI checks have passed *All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items.* I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed state machine logic - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable) (cherry picked from commit 6324b5affb1f2f76965928c2ab04744b372be038) * fix conflicts Co-authored-by: yihuang Co-authored-by: marbar3778 --- CHANGELOG.md | 1 + baseapp/abci.go | 13 +++++++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7b3b716a91774..e0ecb5a63563b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -67,6 +67,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ * (grpc) [\#10985](https://github.com/cosmos/cosmos-sdk/pull/10992) The `/cosmos/tx/v1beta1/txs/{hash}` endpoint returns a 404 when a tx does not exist. * [\#10990](https://github.com/cosmos/cosmos-sdk/pull/10990) Fixes missing `iavl-cache-size` config parsing in `GetConfig` method. +* [#11222](https://github.com/cosmos/cosmos-sdk/pull/11222) reject query with block height in the future ### Improvements diff --git a/baseapp/abci.go b/baseapp/abci.go index bcf72cff4ddf4..e46259ec9ee3a 100644 --- a/baseapp/abci.go +++ b/baseapp/abci.go @@ -622,9 +622,18 @@ func (app *BaseApp) createQueryContext(height int64, prove bool) (sdk.Context, e return sdk.Context{}, err } + lastBlockHeight := app.LastBlockHeight() + if height > lastBlockHeight { + return sdk.Context{}, + sdkerrors.Wrap( + sdkerrors.ErrInvalidHeight, + "cannot query with height in the future; please provide a valid height", + ) + } + // when a client did not provide a query height, manually inject the latest if height == 0 { - height = app.LastBlockHeight() + height = lastBlockHeight } if height <= 1 && prove { @@ -640,7 +649,7 @@ func (app *BaseApp) createQueryContext(height int64, prove bool) (sdk.Context, e return sdk.Context{}, sdkerrors.Wrapf( sdkerrors.ErrInvalidRequest, - "failed to load state at height %d; %s (latest height: %d)", height, err, app.LastBlockHeight(), + "failed to load state at height %d; %s (latest height: %d)", height, err, lastBlockHeight, ) }