From a7a39e57060621afb0c346240d204d3cf0687fdc Mon Sep 17 00:00:00 2001
From: 170210 <85928898+170210@users.noreply.github.com>
Date: Tue, 26 Mar 2024 20:05:37 +0900
Subject: [PATCH] fix: add missing nil checks (#1299)

* fix: types: ensure .Amount is non-nil in Coin.Validate() (#15691)

This change fixes a scenario in which Coin.Validate() would panic when given a nil Amount.
While here, added a fuzz test along with unit/regression tests.

Fixes #15690

* fix: change math.NewInt to sdk.NewInt

Signed-off-by: 170210 <j170210@icloud.com>

* fix: change to finschia-sdk

Signed-off-by: 170210 <j170210@icloud.com>

* fix: prevent nil DecCoin creation when converting Coins to DecCoins (#12903)

Closes: #12902

---

*All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.*

I have...

- [ ] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] added `!` to the type prefix if API or client breaking change
- [ ] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#pr-targeting))
- [ ] provided a link to the relevant issue or specification
- [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/main/docs/building-modules)
- [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#testing)
- [ ] added a changelog entry to `CHANGELOG.md`
- [ ] included comments for [documenting Go code](https://blog.golang.org/godoc)
- [ ] updated the relevant documentation or specification
- [ ] reviewed "Files changed" and left comments if necessary
- [ ] confirmed all CI checks have passed

*All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.*

I have...

- [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] confirmed `!` in the type prefix if API or client breaking change
- [ ] confirmed all author checklist items have been addressed
- [ ] reviewed state machine logic
- [ ] reviewed API design and naming
- [ ] reviewed documentation is accurate
- [ ] reviewed tests and test coverage
- [ ] manually tested (if applicable)

* chore: update CHANGELOG.md

Signed-off-by: 170210 <j170210@icloud.com>

* fix: fix lint

Signed-off-by: 170210 <j170210@icloud.com>

---------

Signed-off-by: 170210 <j170210@icloud.com>
Co-authored-by: Emmanuel T Odeke <emmanuel@orijtech.com>
Co-authored-by: yys <sw.yunsuk@gmail.com>
---
 CHANGELOG.md           |  1 +
 types/coin.go          |  5 +++++
 types/coin_test.go     | 33 +++++++++++++++++++++++++++++++++
 types/dec_coin.go      | 10 +++++++---
 types/dec_coin_test.go | 23 +++++++++++++++++++++++
 types/fuzz_test.go     | 24 ++++++++++++++++++++++++
 6 files changed, 93 insertions(+), 3 deletions(-)
 create mode 100644 types/fuzz_test.go

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2e01254f4a..fa54a1c1cb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -62,6 +62,7 @@ Ref: https://keepachangelog.com/en/1.0.0/
 * (x/collection) [\#1294](https://github.com/Finschia/finschia-sdk/pull/1294) reject NFT coins on FT APIs
 * (sec) [\#1302](https://github.com/Finschia/finschia-sdk/pull/1302) remove map iteration non-determinism with keys + sorting
 * (client) [\#1303](https://github.com/Finschia/finschia-sdk/pull/1303) fix possible overflow in BuildUnsignedTx 
+* (types) [\#1299](https://github.com/Finschia/finschia-sdk/pull/1299) add missing nil checks
 
 ### Removed
 
diff --git a/types/coin.go b/types/coin.go
index 01358f414b..85d4c405da 100644
--- a/types/coin.go
+++ b/types/coin.go
@@ -2,6 +2,7 @@ package types
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"regexp"
 	"sort"
@@ -44,6 +45,10 @@ func (coin Coin) Validate() error {
 		return err
 	}
 
+	if coin.Amount.IsNil() {
+		return errors.New("amount is nil")
+	}
+
 	if coin.Amount.IsNegative() {
 		return fmt.Errorf("negative coin amount: %v", coin.Amount)
 	}
diff --git a/types/coin_test.go b/types/coin_test.go
index 8f48e89fec..bb5eee2cc6 100644
--- a/types/coin_test.go
+++ b/types/coin_test.go
@@ -1034,6 +1034,39 @@ func (s *coinTestSuite) TestMarshalJSONCoins() {
 	}
 }
 
+func (s *coinTestSuite) TestCoinValidate() {
+	testCases := []struct {
+		name    string
+		coin    sdk.Coin
+		wantErr string
+	}{
+		{"nil coin: nil Amount", sdk.Coin{}, "invalid denom"},
+		{"non-blank coin, nil Amount", sdk.Coin{Denom: "atom"}, "amount is nil"},
+		{"valid coin", sdk.Coin{Denom: "atom", Amount: sdk.NewInt(100)}, ""},
+		{"negative coin", sdk.Coin{Denom: "atom", Amount: sdk.NewInt(-999)}, "negative coin amount"},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t := s.T()
+		t.Run(tc.name, func(t *testing.T) {
+			err := tc.coin.Validate()
+			if tc.wantErr == "" {
+				if err != nil {
+					t.Errorf("Unexpected error: %v", err)
+				}
+				return
+			} else {
+				if err == nil {
+					t.Error("Expected an error")
+				} else if !strings.Contains(err.Error(), tc.wantErr) {
+					t.Errorf("Error mismatch\n\tGot:  %q\nWant: %q", err, tc.wantErr)
+				}
+			}
+		})
+	}
+}
+
 func (s *coinTestSuite) TestCoinAminoEncoding() {
 	cdc := codec.NewLegacyAmino()
 	c := sdk.NewInt64Coin(testDenom1, 5)
diff --git a/types/dec_coin.go b/types/dec_coin.go
index 68fe3b9f95..10856d0fe2 100644
--- a/types/dec_coin.go
+++ b/types/dec_coin.go
@@ -182,10 +182,14 @@ func sanitizeDecCoins(decCoins []DecCoin) DecCoins {
 // NewDecCoinsFromCoins constructs a new coin set with decimal values
 // from regular Coins.
 func NewDecCoinsFromCoins(coins ...Coin) DecCoins {
-	decCoins := make(DecCoins, len(coins))
+	if len(coins) == 0 {
+		return DecCoins{}
+	}
+
+	decCoins := make([]DecCoin, 0, len(coins))
 	newCoins := NewCoins(coins...)
-	for i, coin := range newCoins {
-		decCoins[i] = NewDecCoinFromCoin(coin)
+	for _, coin := range newCoins {
+		decCoins = append(decCoins, NewDecCoinFromCoin(coin))
 	}
 
 	return decCoins
diff --git a/types/dec_coin_test.go b/types/dec_coin_test.go
index 9017bda27c..e2c3ba9028 100644
--- a/types/dec_coin_test.go
+++ b/types/dec_coin_test.go
@@ -546,6 +546,29 @@ func (s *decCoinTestSuite) TestNewDecCoinsWithIsValid() {
 	}
 }
 
+func (s *decCoinTestSuite) TestNewDecCoinsWithZeroCoins() {
+	zeroCoins := append(sdk.NewCoins(sdk.NewCoin("mytoken", sdk.NewInt(0))), sdk.Coin{Denom: "wbtc", Amount: sdk.NewInt(10)})
+
+	tests := []struct {
+		coins        sdk.Coins
+		expectLength int
+	}{
+		{
+			sdk.NewCoins(sdk.NewCoin("mytoken", sdk.NewInt(10)), sdk.NewCoin("wbtc", sdk.NewInt(10))),
+			2,
+		},
+		{
+			zeroCoins,
+			1,
+		},
+	}
+
+	for _, tc := range tests {
+		tc := tc
+		s.Require().Equal(sdk.NewDecCoinsFromCoins(tc.coins...).Len(), tc.expectLength)
+	}
+}
+
 func (s *decCoinTestSuite) TestDecCoins_AddDecCoinWithIsValid() {
 	lengthTestDecCoins := sdk.NewDecCoins().Add(sdk.NewDecCoin("mytoken", sdk.NewInt(10))).Add(sdk.DecCoin{Denom: "BTC", Amount: sdk.NewDec(10)})
 	s.Require().Equal(2, len(lengthTestDecCoins), "should be 2")
diff --git a/types/fuzz_test.go b/types/fuzz_test.go
new file mode 100644
index 0000000000..99b80be29a
--- /dev/null
+++ b/types/fuzz_test.go
@@ -0,0 +1,24 @@
+package types
+
+import (
+	"testing"
+
+	"github.com/Finschia/finschia-sdk/codec"
+)
+
+func FuzzCoinUnmarshalJSON(f *testing.F) {
+	if testing.Short() {
+		f.Skip()
+	}
+
+	cdc := codec.NewLegacyAmino()
+	f.Add(`{"denom":"atom","amount":"1000"}`)
+	f.Add(`{"denom":"atom","amount":"-1000"}`)
+	f.Add(`{"denom":"uatom","amount":"1000111111111111111111111"}`)
+	f.Add(`{"denom":"mu","amount":"0"}`)
+
+	f.Fuzz(func(t *testing.T, jsonBlob string) {
+		var c Coin
+		_ = cdc.UnmarshalJSON([]byte(jsonBlob), &c)
+	})
+}