feat: get keyring backend #11484

Merged: 2 commits, Mar 29, 2022
@fedekunze fedekunze commented Mar 29, 2022

Description

This PR introduces a getter for the keyring backend type used in the keyring config. This is useful to disable endpoints whenever the keyring test backend is used. This is a workaround since the SDK keyring dependency doesn't support locking accounts. See 99designs/keyring#85 for context.

Attack on Ethereum that affects Ethermint chain validators/nodes using keyring_backend=test, making their funds remotely accessible via eth_sendTransaction.

https://blog.ethereum.org/2015/08/29/security-alert-insecurely-configured-geth-can-make-funds-remotely-accessible/


Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

  • included the correct type prefix in the PR title
  • targeted the correct branch (see PR Targeting)
  • provided a link to the relevant issue or specification
  • reviewed "Files changed" and left comments if necessary
  • confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

  • confirmed the correct type prefix in the PR title
  • confirmed all author checklist items have been addressed
  • confirmed that this PR does not change production code

@fedekunze fedekunze self-assigned this Mar 29, 2022
@fedekunze fedekunze marked this pull request as ready for review March 29, 2022 10:10
@fedekunze fedekunze added this to the v0.46 milestone Mar 29, 2022
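
The gating that the PR description motivates, as an added example that is not code from this PR or from the SDK: a node withholds signing JSON-RPC methods when the keyring backend is `test`. The `BackendGetter` interface, the `eth_sign` entry, the `file` sample backend and all helper names are assumptions made for illustration; the page does not show the real getter's name or signature.

```go
package main

import (
	"errors"
	"fmt"
)

// BackendGetter is a hypothetical stand-in for the getter this PR adds.
type BackendGetter interface{ Backend() string }

type fixedBackend string // constructed test double, not an SDK type

func (b fixedBackend) Backend() string { return string(b) }

// Methods that sign with keys held by the node. eth_sendTransaction is named
// in the PR description; eth_sign is an assumed second entry.
var signing = map[string]bool{"eth_sendTransaction": true, "eth_sign": true}

var ErrSigningDisabled = errors.New("signing disabled for this keyring backend")

// unlocked reports whether keys are usable without a passphrase. An empty
// backend is treated the same way so a misconfigured node fails closed.
func unlocked(kr BackendGetter) bool {
	b := kr.Backend()
	return b == "test" || b == ""
}

// Exposed returns the subset of methods that is safe to register at startup.
func Exposed(kr BackendGetter, methods []string) []string {
	out := make([]string, 0, len(methods))
	for _, m := range methods {
		if signing[m] && unlocked(kr) {
			continue
		}
		out = append(out, m)
	}
	return out
}

// Authorize is the call-time check, for servers that register every method.
func Authorize(kr BackendGetter, method string) error {
	if signing[method] && unlocked(kr) {
		return fmt.Errorf("%s: %w", method, ErrSigningDisabled)
	}
	return nil
}

func main() {
	all := []string{"eth_blockNumber", "eth_sendTransaction", "eth_sign"}
	fmt.Println(Exposed(fixedBackend("test"), all), Exposed(fixedBackend("file"), all))
}
```
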

@tac0turtle tac0turtle left a comment

utACK

Review thread on crypto/keyring/keyring.go (resolved)
@fedekunze fedekunze added the C:Keys and A:automerge labels and removed the backport/0.45.x label Mar 29, 2022
@fedekunze fedekunze requested a review from amaury1093 March 29, 2022 10:19
@fedekunze fedekunze changed the title from "imp: get keyring backend" to "feat: get keyring backend" Mar 29, 2022

@amaury1093 amaury1093 left a comment

LGTM

@mergify mergify bot merged commit 2083bc8 into master Mar 29, 2022
@mergify mergify bot deleted the fedekunze/get-kr-backend branch March 29, 2022 13:15
@fedekunze commented

@mergify backport release/v0.46.x

mergify bot pushed a commit that referenced this pull request Mar 30, 2022
(cherry picked from commit 2083bc8)
mergify bot commented Mar 30, 2022

backport release/v0.46.x

✅ Backports have been created

Hey, I reacted but my real name is @Mergifyio
