Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgradetypes.ModuleName has been mistakenly added to SetOrderBeginBlockers #21

Closed
howlbot-integration bot opened this issue Jun 21, 2024 · 3 comments
Closed

upgradetypes.ModuleName has been mistakenly added to SetOrderBeginBlockers #21

howlbot-integration bot opened this issue Jun 21, 2024 · 3 comments
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working primary issue Highest quality submission among a set of duplicates 🤖_primary AI based primary recommendation 🤖_03_group AI based duplicate group recommendation sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue sufficient quality report This report is of sufficient quality unsatisfactory does not satisfy C4 submission criteria; not eligible for awards

Comments

@howlbot-integration
Copy link

Lines of code

https://github.com/code-423n4/2024-05-canto/blob/main/canto-main/app/app.go#L823
https://github.com/code-423n4/2024-05-canto/blob/main/ethermint-main/app/app.go#L695

Vulnerability details

Description

According to the upgrading guide of cosmos sdk for version 0.50.6, when using (legacy) application wiring, the following must be added to app.go:

+app.ModuleManager.SetOrderPreBlockers(
+	upgradetypes.ModuleName,
+)

app.ModuleManager.SetOrderBeginBlockers(
-	upgradetypes.ModuleName,
)

However, in the app.go of Canto and Ethermint, the upgradetypes.ModuleName under SetOrderBeginBlockers has not been removed.

Canto App
File: app.go
823: 		upgradetypes.ModuleName, //@audit should be removed? 

Ethermint App
File: app.go
668: 		upgradetypes.ModuleName,//@audit should be removed

Impact

Running the same module twice in a single block cycle can introduce unnecessary computational overhead. This redundancy can slow down block processing without adding any benefit.

Proof of Concept

Consider this scenario, in every block processing, upgradetypes.ModuleName will be executed twice, one in preblock phase and one in beginblock phase. This will delay the overall performance of Canto blockchain as well as unnecessary consumption of resources.

Tools Used

Manual Review

Recommended Mitigation Steps

Remove the upgradetypes.ModuleName under SetOrderBeginBlockers as per upgrade guide.

Assessed type

Other
@howlbot-integration howlbot-integration bot added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value 🤖_03_group AI based duplicate group recommendation 🤖_primary AI based primary recommendation bug Something isn't working primary issue Highest quality submission among a set of duplicates sufficient quality report This report is of sufficient quality labels Jun 21, 2024
howlbot-integration bot added a commit that referenced this issue Jun 21, 2024
@howlbot-integration
Ocean_Sky issue #21
bab9674
@poorphd poorphd added the sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue label Jun 26, 2024
@poorphd
Copy link

poorphd commented Jun 26, 2024

  • Labels
    • sponsor disputed
  • Reasoning
    • As demonstrated in the upgrades/v8/upgrades_test, the Upgrade handler is called only once. This is because, even though the upgrade module is set in both the PreBlocker and the BeginBlocker order (as seen in canto and ethermint), the actual upgrade module logic exists only in the PreBlocker, as shown in the sdk code. This means the upgrade does not execute twice in the BeginBlocker because the BeginBlock checks for HasBeginBlocker, ensuring the Upgrade module is not triggered in BeginBlock, which can be verified in the code. Thus, this is not a vulnerability.
    • For better code aesthetics and to avoid potential misunderstandings, it would be advisable to remove the upgrade module from the BeginBlocker ordering. However, such a change does not impact the security of the app and is not necessary to implement at the audit stage.
  • Severity
    • MidNot valid
  • Patch
    • N/A
  • Appendix

@3docSec
Copy link

3docSec commented Jun 26, 2024

I agree with the sponsor. The finding is inconsequential because for a hook to be called, the module needs to implement the right interface. And because x/upgrade doesn't, the SetOrderBeginBlockers call has no effect

@c4-judge c4-judge added the unsatisfactory does not satisfy C4 submission criteria; not eligible for awards label Jun 26, 2024
@c4-judge
Copy link

3docSec marked the issue as unsatisfactory:
Invalid

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working primary issue Highest quality submission among a set of duplicates 🤖_primary AI based primary recommendation 🤖_03_group AI based duplicate group recommendation sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue sufficient quality report This report is of sufficient quality unsatisfactory does not satisfy C4 submission criteria; not eligible for awards
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@c4-judge @poorphd @3docSec