-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
types: Coin.Validate should also check that .Amount is not nil before trying to deference it; not only check that .Denom is valid #15690
Labels
Comments
odeke-em
added a commit
that referenced
this issue
Apr 4, 2023
This change fixes a scenario in which Coin.Validate() would panic when given a nil Amount. While here, added a fuzz test along with unit/regression tests. Fixes #15690
odeke-em
added a commit
that referenced
this issue
Apr 4, 2023
This change fixes a scenario in which Coin.Validate() would panic when given a nil Amount. While here, added a fuzz test along with unit/regression tests. Fixes #15690
odeke-em
added a commit
that referenced
this issue
Apr 4, 2023
This change fixes a scenario in which Coin.Validate() would panic when given a nil Amount. While here, added a fuzz test along with unit/regression tests. Fixes #15690
odeke-em
added a commit
that referenced
this issue
Apr 4, 2023
This change fixes a scenario in which Coin.Validate() would panic when given a nil Amount. While here, added a fuzz test along with unit/regression tests. Fixes #15690
odeke-em
added a commit
that referenced
this issue
Apr 4, 2023
This change fixes a scenario in which Coin.Validate() would panic when given a nil Amount. While here, added a fuzz test along with unit/regression tests. Fixes #15690
odeke-em
added a commit
that referenced
this issue
Apr 4, 2023
This change fixes a scenario in which Coin.Validate() would panic when given a nil Amount. While here, added a fuzz test along with unit/regression tests. Fixes #15690
odeke-em
added a commit
that referenced
this issue
Apr 5, 2023
This change fixes a scenario in which Coin.Validate() would panic when given a nil Amount. While here, added a fuzz test along with unit/regression tests. Found and reported by the Quicksilver team. Fixes #15690
odeke-em
added a commit
that referenced
this issue
Apr 5, 2023
This change fixes a scenario in which Coin.Validate() would panic when given a nil Amount. While here, added a fuzz test along with unit/regression tests. Fixes #15690
odeke-em
added a commit
that referenced
this issue
Apr 8, 2023
Adds a fuzz test for QueryBalance in which we shall feed it inputs and watch for any panics that'll then get reported and could potentially take down nodes. This test independently had found the bug reported in #15690
odeke-em
added a commit
that referenced
this issue
Apr 10, 2023
Adds a fuzz test for QueryBalance in which we shall feed it inputs and watch for any panics that'll then get reported and could potentially take down nodes. This test independently had found the bug reported in #15690
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary of Bug
Reported offline by @zanicar in a scenario in which they sent a JSON payload with an amount that can't JSON unmarshal
{"Denom": "stake", "Amount": 10000}
, that value when JSON unmarshalled silently throws Amount away but saves .Denom and the code in .Validate() solely checks that .Denom is valid percosmos-sdk/types/coin.go
Lines 42 to 52 in 445dc8a
Version
445dc8a
Remedy
We should also check that .Amount is not nil before trying to dereference it
The text was updated successfully, but these errors were encountered: