Attacker can submit TX with negative Fee minting tokens #2776

hendrikhofstadt · 2018-11-12T15:13:31Z

Summary of Bug

The StdTx.Fee can be set to a negative amount.

Since there is no validation both the FeePool will be corrupted and the first signature's balance increased.

This is a critical problem since any account can drain the fee pool and add the tokens to their own account.

Set StdTx to a negative Coins amount

cwgoes · 2018-11-12T15:48:51Z

Ref #1273, which would have prevented this entire class of bugs, of which there have been several so far.

hendrikhofstadt · 2018-11-12T15:59:04Z

Potentially fits the security tag as well.

@cwgoes I agree. Any particular reason #1273 has not been implemented yet ? That could also avoid a lot of redundant .LT(0) checks.

cwgoes · 2018-11-12T16:03:34Z

Any particular reason #1273 has not been implemented yet?

Not any good one. We're on it.

hendrikhofstadt closed this as completed Nov 12, 2018

hendrikhofstadt reopened this Nov 12, 2018

alexanderbez added T:Bug critical labels Nov 12, 2018

jackzampolin mentioned this issue Nov 12, 2018

Game of Stakes / gaia-9002 release checklist #2754

Closed

27 tasks

alexanderbez self-assigned this Nov 12, 2018

zmanian mentioned this issue Nov 12, 2018

Gaia-9001 halt stack trace #2777

Closed

alexanderbez mentioned this issue Nov 13, 2018

[R4R] Add Safety Measures to Coin/Coins #2797

Merged

5 tasks

jaekwon closed this as completed in #2797 Nov 20, 2018

tarcieri mentioned this issue Aug 20, 2020

Replace amino with protobuf types informalsystems/tendermint-rs#527

Merged

5 tasks