Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update ibc-rs #3030

Merged
merged 8 commits into from
May 9, 2024
Merged

Update ibc-rs #3030

merged 8 commits into from
May 9, 2024

Conversation

yito88
Copy link
Member

@yito88 yito88 commented Apr 8, 2024
edited
Loading

Describe your changes

Requires tendermint-rs v0.35

Indicate on which release or other PRs this topic is based on

v0.34.0

Checklist before merging to draft

  • I have added a changelog
  • Git history is in acceptable state

@yito88 yito88 force-pushed the yuji/ibc-rs-0.52.0 branch 2 times, most recently from c6704dd to edfbf56 Compare April 13, 2024 19:00
@codecov Codecov
Copy link

codecov bot commented Apr 13, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 59.39086% with 80 lines in your changes are missing coverage. Please review.

Project coverage is 59.39%. Comparing base (9d4de02) to head (3e4e57b).
Report is 2 commits behind head on main.

Files Patch % Lines
crates/ibc/src/context/client.rs 17.10% 63 Missing ⚠️
crates/ibc/src/context/common.rs 78.37% 8 Missing ⚠️
crates/ibc/src/context/validation.rs 82.75% 5 Missing ⚠️
crates/ibc/src/context/execution.rs 81.81% 2 Missing ⚠️
crates/apps/src/lib/bench_utils.rs 0.00% 1 Missing ⚠️
...tes/apps/src/lib/node/ledger/shell/testing/node.rs 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3030      +/-   ##
==========================================
- Coverage   59.40%   59.39%   -0.02%     
==========================================
  Files         298      298              
  Lines       92326    92347      +21     
==========================================
+ Hits        54849    54852       +3     
- Misses      37477    37495      +18

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@Fraccaman Fraccaman mentioned this pull request Apr 15, 2024
Closed
@brentstone
Copy link
Collaborator

@yito88 what's the status of this PR?

@yito88
Copy link
Member Author

yito88 commented Apr 19, 2024

@brentstone this is waiting for ibc-rs v0.52.0.

@brentstone brentstone mentioned this pull request Apr 27, 2024
Closed
@yito88 yito88 force-pushed the yuji/ibc-rs-0.52.0 branch from d00320f to e646198 Compare April 29, 2024 15:14
@McDaan
Copy link
Contributor

McDaan commented Apr 29, 2024

Hey guys @yito88 @brentstone, please don't forget that this also closes #2985

As this is a high severe security vulnerability I have reported in the mentioned issue.

"A way to lock/freeze assets by freezing an IBC client - which makes them unusable until the related code is fixed (i.e. ibc-rs) and chain upgraded in order to be able to avoid freeze behaviour (0.51 ibc-rs) as well as updating frozen/expired IBC clients for new ones (0.52 ibc-rs) to finally unlock/unfreeze those assets"

@yito88 yito88 marked this pull request as ready for review April 29, 2024 20:11
@yito88 yito88 requested a review from sug0 April 29, 2024 20:11
sug0
sug0 previously approved these changes May 2, 2024
View reviewed changes
Copy link
Collaborator

@sug0 sug0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

crates/core/src/ibc.rs Outdated Show resolved Hide resolved
brentstone added a commit that referenced this pull request May 2, 2024
@brentstone
Merge branch 'yuji/ibc-rs-0.52.0' (#3030)
2beab5f
@McDaan
Copy link
Contributor

McDaan commented May 2, 2024

Hey guys @yito88 @brentstone, please don't forget that this also closes #2985

As this is a high severe security vulnerability I have reported in the mentioned issue.

"A way to lock/freeze assets by freezing an IBC client - which makes them unusable until the related code is fixed (i.e. ibc-rs) and chain upgraded in order to be able to avoid freeze behaviour (0.51 ibc-rs) as well as updating frozen/expired IBC clients for new ones (0.52 ibc-rs) to finally unlock/unfreeze those assets"

Adding more relevant information to this context after seeing that it has been correctly considered as a valid security issue by the team. @cwgoes @brentstone @Fraccaman

It's curious, right? I had even reported this behaviour internally before than the original issue in the original ibc-rs repo.

Feb 9 informalsystems/ibc-rs#1080

Feb 5 (internal group in which this behaviour has been reported before than the original issue was open - many people and devs, including Brent and Gian, have access to it, chat history doesn't lie)
https://discord.com/channels/@me/1203005508206862447/1204121706931945534

brentstone added a commit that referenced this pull request May 8, 2024
@brentstone
Merge branch 'yuji/ibc-rs-0.52.0' (#3030)
b29bfbb 
* origin/yuji/ibc-rs-0.52.0:
  reuse base_denom
  fix is_ibc_denom
  fix unit tests
  ibc-rs 0.52.0 tendermint-rs 0.35
  fix tests
  update to the current main
  update to 0.51.0
@brentstone brentstone merged commit 36eeb17 into main May 9, 2024
15 of 19 checks passed
@brentstone brentstone deleted the yuji/ibc-rs-0.52.0 branch May 9, 2024 03:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sug0 sug0 sug0 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@yito88 @brentstone @McDaan @sug0