-
Notifications
You must be signed in to change notification settings - Fork 240
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Problem: currently used go-ethereum contains a known vulnerability #143
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
probably the more precise problem is: "Problem: currently used go-ethereum contains a known vulnerability" :)
I guess also a changelog entry can be added?
If the current testnet is to be upgraded via a state export -- I guess it'd also need genesis migrations to add the new module (or are there any other breaking changes?)?
@@ -40,6 +40,3 @@ replace github.com/cosmos/ibc-go => github.com/crypto-org-chain/ibc-go v1.0.1-ho | |||
replace github.com/peggyjv/gravity-bridge/module => github.com/crypto-org-chain/gravity-bridge/module v0.1.22-0.20211004080324-36ed315b3281 | |||
|
|||
replace github.com/cosmos/iavl => github.com/cosmos/iavl v0.17.1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is this IAVL line necessary? it should be by default in 0.44.1?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://github.com/tendermint/tendermint/blob/v0.34.13/go.mod#L16
it seems still needed, tendermint still depends on the old iavl
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
submitted tendermint/tendermint#7089, I think it can be backported to v0.34.x.
Let's wait until we have a more stable version of ethermint before upgrading and adding a Changelog entry? (unless we are planning release soon) It seems the bump to 1.10.9 is still work in progress and might take few more days to complete |
Currently there's a panic here: https://github.com/tharsis/ethermint/blob/main/rpc/ethereum/backend/utils.go#L53, because the |
Codecov Report
@@ Coverage Diff @@
## main #143 +/- ##
==========================================
+ Coverage 21.51% 26.33% +4.82%
==========================================
Files 27 33 +6
Lines 1729 2407 +678
==========================================
+ Hits 372 634 +262
- Misses 1324 1729 +405
- Partials 33 44 +11
Continue to review full report at Codecov.
|
Closes: crypto-org-chain#142 crypto-org-chain#102 Solution: - update to ethermint's recent main branch - add feemarket module changelog
CHANGELOG.md
Outdated
@@ -9,6 +9,8 @@ | |||
|
|||
### Improvements | |||
- [cronos#162](https://github.com/crypto-org-chain/cronos/pull/162) bump ibc-go to v1.2.1 with hooks support | |||
- [cronos#143](https://github.com/crypto-org-chain/cronos/pull/143) update go-ethereum to 1.10.9 and add fee market |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe specify upgrade ethermint
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
@@ -9,6 +9,8 @@ | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not sure if changelog should also comment on breaking changes?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
copied some ethermint changelog.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
on hold
ethermint has upgraded, we just need to update to ethermint main branch later. |
Closes: #142 #102
Solution:
👮🏻👮🏻👮🏻 !!!! REFERENCE THE PROBLEM YOUR ARE SOLVING IN THE PR TITLE AND DESCRIBE YOUR SOLUTION HERE !!!! DO NOT FORGET !!!! 👮🏻👮🏻👮🏻
PR Checklist:
make
)make test
)go fmt
)golangci-lint run
)go list -json -m all | nancy sleuth
)Thank you for your code, it's appreciated! :)