From 9dc5acf01ca98db09942a56a64a2a08672fe610d Mon Sep 17 00:00:00 2001 From: testinginprod Date: Thu, 17 Oct 2024 11:27:28 +0200 Subject: [PATCH 1/4] fix tx validation vs execution --- x/accounts/defaults/base/account.go | 11 ++++++++++- x/auth/ante/sigverify.go | 14 +++++++++++--- 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/x/accounts/defaults/base/account.go b/x/accounts/defaults/base/account.go index b227899aec75..2cf9ef52936a 100644 --- a/x/accounts/defaults/base/account.go +++ b/x/accounts/defaults/base/account.go @@ -5,6 +5,7 @@ import ( "errors" "fmt" + "cosmossdk.io/core/transaction" gogotypes "github.com/cosmos/gogoproto/types/any" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" @@ -43,6 +44,7 @@ func NewAccount(name string, handlerMap *signing.HandlerMap, options ...Option) Sequence: collections.NewSequence(deps.SchemaBuilder, SequencePrefix, "sequence"), addrCodec: deps.AddressCodec, hs: deps.Environment.HeaderService, + ts: deps.Environment.TransactionService, supportedPubKeys: map[string]pubKeyImpl{}, signingHandlers: handlerMap, } @@ -65,6 +67,7 @@ type Account struct { addrCodec address.Codec hs header.Service + ts transaction.Service supportedPubKeys map[string]pubKeyImpl @@ -106,7 +109,13 @@ func (a Account) Authenticate(ctx context.Context, msg *aa_interface_v1.MsgAuthe } gotSeq := msg.Tx.AuthInfo.SignerInfos[msg.SignerIndex].Sequence - if gotSeq != signerData.Sequence { + + execMode := a.ts.ExecMode(ctx) + if execMode == transaction.ExecModeCheck { + if gotSeq < signerData.Sequence { + return nil, fmt.Errorf("sequence number must be higher than: %d, got: %d", signerData.Sequence, gotSeq) + } + } else if gotSeq != signerData.Sequence { return nil, fmt.Errorf("unexpected sequence number, wanted: %d, got: %d", signerData.Sequence, gotSeq) } diff --git a/x/auth/ante/sigverify.go b/x/auth/ante/sigverify.go index f5e5a8626738..44f1faac396f 100644 --- a/x/auth/ante/sigverify.go +++ b/x/auth/ante/sigverify.go @@ -306,17 +306,25 @@ func (svd SigVerificationDecorator) consumeSignatureGas( // verifySig will verify the signature of the provided signer account. func (svd SigVerificationDecorator) verifySig(ctx context.Context, tx sdk.Tx, acc sdk.AccountI, sig signing.SignatureV2, newlyCreated bool) error { - if sig.Sequence != acc.GetSequence() { + execMode := svd.ak.GetEnvironment().TransactionService.ExecMode(ctx) + if execMode == transaction.ExecModeCheck { + if sig.Sequence < acc.GetSequence() { + return errorsmod.Wrapf( + sdkerrors.ErrWrongSequence, + "account sequence mismatch, expected higher than or equal to %d, got %d", acc.GetSequence(), sig.Sequence, + ) + } + } else if sig.Sequence != acc.GetSequence() { return errorsmod.Wrapf( sdkerrors.ErrWrongSequence, - "account sequence mismatch, expected %d, got %d", acc.GetSequence(), sig.Sequence, + "account sequence mismatch: expected %d, got %d", acc.GetSequence(), sig.Sequence, ) } // we're in simulation mode, or in ReCheckTx, or context is not // on sig verify tx, then we do not need to verify the signatures // in the tx. - if svd.ak.GetEnvironment().TransactionService.ExecMode(ctx) == transaction.ExecModeSimulate || + if execMode == transaction.ExecModeSimulate || isRecheckTx(ctx, svd.ak.GetEnvironment().TransactionService) || !isSigverifyTx(ctx) { return nil From 5696991c37d40d0345d82710e101903ff39cce62 Mon Sep 17 00:00:00 2001 From: testinginprod Date: Thu, 17 Oct 2024 11:35:26 +0200 Subject: [PATCH 2/4] lint + test fix --- tests/systemtests/auth_test.go | 14 -------------- x/accounts/defaults/base/account.go | 2 +- 2 files changed, 1 insertion(+), 15 deletions(-) diff --git a/tests/systemtests/auth_test.go b/tests/systemtests/auth_test.go index c45652f3cf8a..975a7909265b 100644 --- a/tests/systemtests/auth_test.go +++ b/tests/systemtests/auth_test.go @@ -67,13 +67,6 @@ func TestAuthSignAndBroadcastTxCmd(t *testing.T) { sendAmount := transferAmount + newAmount fees := feeAmount * 2 - // TODO: remove below block code once v2 supports multi messages - // ref: https://github.com/cosmos/cosmos-sdk/issues/22215 - if isV2() { - sendAmount = transferAmount - fees = feeAmount - } - testSignTxBroadcast(t, cli, signBatchCmd, "sign-batch tx", val1Addr, val2Addr, sendAmount, fees) } @@ -304,13 +297,6 @@ func TestAuthMultisigTxCmds(t *testing.T) { sendAmount := transferAmount * 2 fees := feeAmount * 2 - // TODO: remove below block code once v2 supports multi messages - // ref: https://github.com/cosmos/cosmos-sdk/issues/22215 - if isV2() { - sendAmount = transferAmount - fees = feeAmount - } - testMultisigTxBroadcast(t, cli, multiSigTxInput{ "multisign-batch", multiAddr, diff --git a/x/accounts/defaults/base/account.go b/x/accounts/defaults/base/account.go index 2cf9ef52936a..81bf1006d92c 100644 --- a/x/accounts/defaults/base/account.go +++ b/x/accounts/defaults/base/account.go @@ -5,7 +5,6 @@ import ( "errors" "fmt" - "cosmossdk.io/core/transaction" gogotypes "github.com/cosmos/gogoproto/types/any" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" @@ -15,6 +14,7 @@ import ( "cosmossdk.io/collections" "cosmossdk.io/core/address" "cosmossdk.io/core/header" + "cosmossdk.io/core/transaction" "cosmossdk.io/x/accounts/accountstd" v1 "cosmossdk.io/x/accounts/defaults/base/v1" aa_interface_v1 "cosmossdk.io/x/accounts/interfaces/account_abstraction/v1" From e0299764da462364183ac8f0278cce2adcaec834 Mon Sep 17 00:00:00 2001 From: testinginprod Date: Thu, 17 Oct 2024 11:53:58 +0200 Subject: [PATCH 3/4] lfg --- x/accounts/defaults/base/utils_test.go | 12 ++++++++++-- x/auth/ante/ante_test.go | 4 ++++ x/auth/ante/sigverify_test.go | 2 +- 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/x/accounts/defaults/base/utils_test.go b/x/accounts/defaults/base/utils_test.go index 93cd76ea8495..5d1a91893064 100644 --- a/x/accounts/defaults/base/utils_test.go +++ b/x/accounts/defaults/base/utils_test.go @@ -66,6 +66,13 @@ func newMockContext(t *testing.T) (context.Context, store.KVStoreService) { ) } +type transactionService struct { +} + +func (t transactionService) ExecMode(ctx context.Context) transaction.ExecMode { + return transaction.ExecModeFinalize +} + func makeMockDependencies(storeservice store.KVStoreService) accountstd.Dependencies { sb := collections.NewSchemaBuilder(storeservice) @@ -74,8 +81,9 @@ func makeMockDependencies(storeservice store.KVStoreService) accountstd.Dependen AddressCodec: addressCodec{}, LegacyStateCodec: mockStateCodec{}, Environment: appmodulev2.Environment{ - EventService: eventService{}, - HeaderService: headerService{}, + EventService: eventService{}, + HeaderService: headerService{}, + TransactionService: transactionService{}, }, } } diff --git a/x/auth/ante/ante_test.go b/x/auth/ante/ante_test.go index fbc4491b9091..0078c2a9803f 100644 --- a/x/auth/ante/ante_test.go +++ b/x/auth/ante/ante_test.go @@ -915,6 +915,8 @@ func TestAnteHandlerBadSignBytes(t *testing.T) { suite.bankKeeper.EXPECT().SendCoinsFromAccountToModule(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(nil) require.NoError(t, accs[0].acc.SetSequence(2)) // wrong accSeq + suite.ctx = suite.ctx.WithExecMode(sdk.ExecModeFinalize) + return TestCaseArgs{ chainID: suite.ctx.ChainID(), feeAmount: feeAmount, @@ -1081,6 +1083,8 @@ func TestAnteHandlerSetPubKey(t *testing.T) { accs := suite.CreateTestAccounts(2) suite.bankKeeper.EXPECT().SendCoinsFromAccountToModule(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(nil) + suite.ctx = suite.ctx.WithExecMode(sdk.ExecModeFinalize) + // Make sure public key has not been set from previous test. acc1 := suite.accountKeeper.GetAccount(suite.ctx, accs[1].acc.GetAddress()) require.Nil(t, acc1.GetPubKey()) diff --git a/x/auth/ante/sigverify_test.go b/x/auth/ante/sigverify_test.go index 00cbb6db6051..d14761fd8aa5 100644 --- a/x/auth/ante/sigverify_test.go +++ b/x/auth/ante/sigverify_test.go @@ -231,7 +231,7 @@ func TestSigVerification(t *testing.T) { if tc.recheck { ctx = ctx.WithExecMode(sdk.ExecModeReCheck) } else { - ctx = ctx.WithExecMode(sdk.ExecModeCheck) + ctx = ctx.WithExecMode(sdk.ExecModeFinalize) } suite.txBuilder = suite.clientCtx.TxConfig.NewTxBuilder() // Create new txBuilder for each test From b0411da401cfaea2b4cbd823710698a57677a6ee Mon Sep 17 00:00:00 2001 From: Julien Robert Date: Thu, 17 Oct 2024 17:35:06 +0200 Subject: [PATCH 4/4] fix Co-authored-by: Matt Kocubinski --- x/auth/ante/sigverify.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x/auth/ante/sigverify.go b/x/auth/ante/sigverify.go index 44f1faac396f..3b83b17e3379 100644 --- a/x/auth/ante/sigverify.go +++ b/x/auth/ante/sigverify.go @@ -360,7 +360,7 @@ func (svd SigVerificationDecorator) verifySig(ctx context.Context, tx sdk.Tx, ac Address: acc.GetAddress().String(), ChainID: chainID, AccountNumber: accNum, - Sequence: acc.GetSequence(), + Sequence: sig.Sequence, PubKey: &anypb.Any{ TypeUrl: anyPk.TypeUrl, Value: anyPk.Value,