Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

min amount per deposit #4

Closed
wants to merge 38 commits into from
Closed

min amount per deposit #4

wants to merge 38 commits into from

Conversation

adam-hanna
Copy link
Contributor

@adam-hanna adam-hanna commented Aug 29, 2024
edited by tbruyelle
Loading

Please go the the Preview tab and select the appropriate sub-template:

Cherry picking from https://github.com/informalsystems/cosmos-sdk/tree/masa/backport-18146-min-amount-per-deposit (related PR)

  • Production code - for types fix, feat, and refactor.
  • Docs - for documentation changes.
  • Others - for changes that do not affect production code.

@adam-hanna adam-hanna force-pushed the adam-hanna/gov/min-amount-per-deposit branch from eeeb1a7 to 8630c2f Compare August 30, 2024 19:15
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 4, 2024
View reviewed changes
types/coin.go Outdated
Comment on lines 337 to 345
for denom, cL := range uniqCoins { //#nosec
comboCoin := Coin{Denom: denom, Amount: NewInt(0)}
for _, c := range cL {
comboCoin = comboCoin.Add(c)
}
if !comboCoin.IsZero() {
coalesced = append(coalesced, comboCoin)
}
}

Check warning

Code scanning / CodeQL

Iteration over map Warning

Iteration over map may be a possible source of non-determinism
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 5, 2024
View reviewed changes
errors/abci.go Outdated

import (
"fmt"
"reflect"

Check notice

Code scanning / CodeQL

Sensitive package import Note

Certain system packages contain functions which may be a possible source of non-determinism
errors/errors.go Outdated

import (
"fmt"
"reflect"

Check notice

Code scanning / CodeQL

Sensitive package import Note

Certain system packages contain functions which may be a possible source of non-determinism
errors/stacktrace.go Outdated
import (
"fmt"
"io"
"runtime"

Check notice

Code scanning / CodeQL

Sensitive package import Note

Certain system packages contain functions which may be a possible source of non-determinism
x/gov/types/keys.go Fixed Show fixed Hide fixed
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 9, 2024
View reviewed changes
api/amino/amino.pulsar.go
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
descriptorpb "google.golang.org/protobuf/types/descriptorpb"
reflect "reflect"

Check notice

Code scanning / CodeQL

Sensitive package import Note

Certain system packages contain functions which may be a possible source of non-determinism
api/atomone/app/runtime/v1alpha1/module.pulsar.go
protoiface "google.golang.org/protobuf/runtime/protoiface"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
io "io"
reflect "reflect"

Check notice

Code scanning / CodeQL

Sensitive package import Note

Certain system packages contain functions which may be a possible source of non-determinism
api/atomone/app/v1alpha1/config.pulsar.go
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
anypb "google.golang.org/protobuf/types/known/anypb"
io "io"
reflect "reflect"

Check notice

Code scanning / CodeQL

Sensitive package import Note

Certain system packages contain functions which may be a possible source of non-determinism
api/atomone/app/v1alpha1/module.pulsar.go
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
descriptorpb "google.golang.org/protobuf/types/descriptorpb"
io "io"
reflect "reflect"

Check notice

Code scanning / CodeQL

Sensitive package import Note

Certain system packages contain functions which may be a possible source of non-determinism
api/atomone/app/v1alpha1/query.pulsar.go
protoiface "google.golang.org/protobuf/runtime/protoiface"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
io "io"
reflect "reflect"

Check notice

Code scanning / CodeQL

Sensitive package import Note

Certain system packages contain functions which may be a possible source of non-determinism
api/atomone/base/query/v1beta1/pagination.pulsar.go Fixed Show fixed Hide fixed
api/atomone/base/v1beta1/coin.pulsar.go Fixed Show fixed Hide fixed
api/atomone/crypto/multisig/v1beta1/multisig.pulsar.go Fixed Show fixed Hide fixed
api/atomone/gov/module/v1/module.pulsar.go Fixed Show fixed Hide fixed
api/atomone/gov/v1/genesis.pulsar.go Fixed Show fixed Hide fixed
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 9, 2024
View reviewed changes
Copy link

@github-advanced-security github-advanced-security bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 10, 2024
View reviewed changes
api/atomone/authz/module/v1/module.pulsar.go
protoiface "google.golang.org/protobuf/runtime/protoiface"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
io "io"
reflect "reflect"

Check notice

Code scanning / CodeQL

Sensitive package import Note

Certain system packages contain functions which may be a possible source of non-determinism
api/atomone/authz/v1beta1/authz.pulsar.go
anypb "google.golang.org/protobuf/types/known/anypb"
timestamppb "google.golang.org/protobuf/types/known/timestamppb"
io "io"
reflect "reflect"

Check notice

Code scanning / CodeQL

Sensitive package import Note

Certain system packages contain functions which may be a possible source of non-determinism
api/atomone/authz/v1beta1/event.pulsar.go
protoiface "google.golang.org/protobuf/runtime/protoiface"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
io "io"
reflect "reflect"

Check notice

Code scanning / CodeQL

Sensitive package import Note

Certain system packages contain functions which may be a possible source of non-determinism
api/atomone/authz/v1beta1/genesis.pulsar.go
protoiface "google.golang.org/protobuf/runtime/protoiface"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
io "io"
reflect "reflect"

Check notice

Code scanning / CodeQL

Sensitive package import Note

Certain system packages contain functions which may be a possible source of non-determinism
api/atomone/bank/module/v1/module.pulsar.go
protoiface "google.golang.org/protobuf/runtime/protoiface"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
io "io"
reflect "reflect"

Check notice

Code scanning / CodeQL

Sensitive package import Note

Certain system packages contain functions which may be a possible source of non-determinism
api/atomone/bank/v1beta1/authz.pulsar.go
protoiface "google.golang.org/protobuf/runtime/protoiface"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
io "io"
reflect "reflect"

Check notice

Code scanning / CodeQL

Sensitive package import Note

Certain system packages contain functions which may be a possible source of non-determinism
@adam-hanna adam-hanna marked this pull request as ready for review September 11, 2024 18:39
@adam-hanna
Copy link
Contributor Author

There are ALOT of linting issues, which I will slowly chip away at

@giunatale
Copy link
Collaborator

giunatale commented Sep 12, 2024
edited
Loading

I think the entire Cosmos SDK codebase was merged here by mistake, while the idea was to cherry pick the x/gov modifications. A hint is the over 2000 files part of the PR most of which are additions. Just pointing it out fyi before it becomes even harder to revert without losing work done.

Should also rebase onto main since we switched over having x/gov own types

@adam-hanna
Copy link
Contributor Author

I think the entire Cosmos SDK codebase was merged here by mistake, while the idea was to cherry pick the x/gov modifications. A hint is the over 2000 files part of the PR most of which are additions. Just pointing it out fyi before it becomes even harder to revert without losing work done.

Should also rebase onto main since we switched over having x/gov own types

This was the minimal import of the cosmos-sdk that it took to cherry pick that commit. I know it's hard to believe but I started with the commit and simply kept importing packages/modules until I could build

@giunatale
Copy link
Collaborator

This was the minimal import of the cosmos-sdk that it took to cherry pick that commit. I know it's hard to believe but I started with the commit and simply kept importing packages/modules until I could build

If you look at the PR https://github.com/cosmos/cosmos-sdk/pull/19312/files this is what it touches
image
and in reality the changes in proto for staking and the change in bank can be discarded, so the PR is focused on x/gov. I don't think you really have to merge the whole sdk into the atomone app. Only the x/gov forked module needs to be updated (and the e2e tests I believe)

@adam-hanna adam-hanna force-pushed the adam-hanna/gov/min-amount-per-deposit branch from 2db779d to 2957c95 Compare September 12, 2024 17:47
@adam-hanna adam-hanna closed this Sep 12, 2024
tbruyelle added a commit that referenced this pull request Dec 10, 2024
@tbruyelle
fix(vuln): https://pkg.go.dev/vuln/GO-2024-3279 (#60)
4a894e1 
Spotted by `make vulncheck`

Last seen in
https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:14

```
Vulnerability #1: GO-2024-3279
    ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int
    and sdk.Dec can lead to panic
  More info: https://pkg.go.dev/vuln/GO-2024-3279
  Module: cosmossdk.io/math
    Found in: cosmossdk.io/math@v1.3.0
    Fixed in: cosmossdk.io/math@v1.4.0
    Example traces found:
Error:       #1: app/export.go:209:63: app.AtomOneApp.prepForZeroHeightGenesis calls keeper.Keeper.ApplyAndReturnValidatorSetUpdates, which calls math.Int.Add
Error:       #2: app/genesis_account.go:31:33: app.SimGenesisAccount.Validate calls types.Coins.IsAnyNil, which eventually calls math.Int.BigInt
Error:       #3: x/gov/types/v1beta1/gov.pb.go:732:20: v1beta1.TallyResult.Equal calls math.Int.Equal
Error:       #4: x/gov/keeper/deposit.go:180:97: keeper.Keeper.AddDeposit calls types.Coins.IsAllGTE, which calls math.Int.GT
Error:       #5: ante/gov_vote_ante.go:46:[14](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:15): ante.GovVoteDecorator.AnteHandle calls types.ChainAnteDecorators, which eventually calls math.Int.GTE
Error:       #6: app/app.go:254:26: app.AtomOneApp.BeginBlocker calls module.Manager.BeginBlock, which eventually calls math.Int.Int64
Error:       #7: app/app.go:254:26: app.AtomOneApp.BeginBlocker calls module.Manager.BeginBlock, which eventually calls math.Int.IsInt64
Error:       #8: x/gov/keeper/deposit.go:145:28: keeper.Keeper.AddDeposit calls types.NewCoin, which eventually calls math.Int.IsNegative
Error:       #9: x/gov/types/v1/msgs.go:101:30: types.MsgSubmitProposal.ValidateBasic calls types.MsgCancelUnbondingDelegation.ValidateBasic, which calls math.Int.IsPositive
Error:       #10: x/gov/keeper/tally.go:58:23: keeper.Keeper.HasReachedQuorum calls math.Int.IsZero
Error:       #11: x/gov/keeper/deposit.go:[15](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:16)5:20: keeper.Keeper.AddDeposit calls types.Coin.IsGTE, which calls math.Int.LT
Error:       #12: x/gov/keeper/deposit.go:63:37: keeper.DeleteAndBurnDeposits calls keeper.BaseKeeper.BurnCoins, which eventually calls math.Int.Marshal
Error:       #13: x/gov/types/v1beta1/gov.pb.go:994:38: v1beta1.TallyResult.MarshalToSizedBuffer calls math.Int.MarshalTo
Error:       #14: app/export.go:11:2: app.init calls staking.init, which eventually calls math.Int.Mul
Error:       #15: x/gov/keeper/deposit.go:[16](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:17)8:54: keeper.Keeper.AddDeposit calls keeper.BaseKeeper.SendCoinsFromAccountToModule, which eventually calls math.Int.Neg
Error:       #16: app/export.go:209:63: app.AtomOneApp.prepForZeroHeightGenesis calls keeper.Keeper.ApplyAndReturnValidatorSetUpdates, which eventually calls math.Int.Quo
Error:       #[17](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:18): ante/gov_vote_ante.go:46:14: ante.GovVoteDecorator.AnteHandle calls types.ChainAnteDecorators, which eventually calls math.Int.QuoRaw
Error:       #[18](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:19): x/gov/types/v1beta1/msgs.go:167:29: v1beta1.MsgDeposit.ValidateBasic calls types.Coins.IsAnyNegative, which eventually calls math.Int.Sign
Error:       #[19](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:20): x/gov/types/v1beta1/gov.pb.go:1322:16: v1beta1.TallyResult.Size calls math.Int.Size
Error:       #[20](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:21): x/gov/types/v1/tally.go:12:27: types.NewTallyResult calls math.Int.String
Error:       #[21](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:22): app/export.go:209:63: app.AtomOneApp.prepForZeroHeightGenesis calls keeper.Keeper.ApplyAndReturnValidatorSetUpdates, which calls math.Int.Sub
Error:       #[22](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:23): x/gov/keeper/deposit.go:145:73: keeper.Keeper.AddDeposit calls math.Int.ToLegacyDec
Error:       #23: x/gov/types/v1beta1/gov.pb.go:2141:29: v1beta1.TallyResult.Unmarshal calls math.Int.Unmarshal
Error:       #24: x/gov/types/v1beta1/msgs.go:263:32: v1beta1.MsgVoteWeighted.ValidateBasic calls math.LegacyDec.Add
Error:       #25: app/sim/sim_state.go:203:34: sim.AppStateRandomizedFn calls module.SimulationManager.GenerateGenesisStates, which eventually calls math.LegacyDec.BigInt
Error:       #26: ante/gov_vote_ante.go:46:14: ante.GovVoteDecorator.AnteHandle calls types.ChainAnteDecorators, which eventually calls math.LegacyDec.Ceil
Error:       #27: x/gov/types/v1beta1/params.go:68:[24](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:25): v1beta1.TallyParams.Equal calls math.LegacyDec.Equal
Error:       #28: x/gov/client/cli/query.go:624:15: cli.GetCmdQueryProposer calls fmt.Sprintf, which eventually calls math.LegacyDec.Format
Error:       #29: x/gov/types/v1beta1/msgs.go:270:19: v1beta1.MsgVoteWeighted.ValidateBasic calls math.LegacyDec.GT
Error:       #30: x/gov/keeper/tally.go:93:26: keeper.Keeper.HasReachedQuorum calls math.LegacyDec.GTE
Error:       #31: x/gov/types/v1/params.go:129:22: types.Params.ValidateBasic calls math.LegacyDec.IsNegative
Error:       #32: x/gov/types/v1/msgs.go:101:30: types.MsgSubmitProposal.ValidateBasic calls types.MsgUpdateParams.ValidateBasic, which calls math.LegacyDec.IsNil
Error:       #33: x/gov/types/v1/params.go:140:26: types.Params.ValidateBasic calls math.LegacyDec.IsPositive
Error:       #34: x/gov/keeper/deposit.go:138:28: keeper.Keeper.AddDeposit calls math.LegacyDec.IsZero
Error:       #35: x/gov/types/v1beta1/msgs.go:274:19: v1beta1.MsgVoteWeighted.ValidateBasic calls math.LegacyDec.LT
Error:       #36: app/export.go:96:53: app.AtomOneApp.prepForZeroHeightGenesis calls keeper.Keeper.WithdrawDelegationRewards, which eventually calls math.LegacyDec.LTE
Error:       #37: app/app.go:[25](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:26)4:26: app.AtomOneApp.BeginBlocker calls module.Manager.BeginBlock, which eventually calls math.LegacyDec.Marshal
Error:       #38: x/gov/types/v1beta1/gov.pb.go:1187:41: v1beta1.TallyParams.MarshalToSizedBuffer calls math.LegacyDec.MarshalTo
Error:       #39: x/gov/keeper/deposit.go:145:79: keeper.Keeper.AddDeposit calls math.LegacyDec.Mul
Error:       #40: x/gov/keeper/tally.go:1[26](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:27):31: keeper.tallyVotes calls keeper.Keeper.IterateDelegations, which eventually calls math.LegacyDec.MulInt
Error:       #41: app/export.go:96:53: app.AtomOneApp.prepForZeroHeightGenesis calls keeper.Keeper.WithdrawDelegationRewards, which eventually calls math.LegacyDec.MulInt64
Error:       #42: app/app.go:254:26: app.AtomOneApp.BeginBlocker calls module.Manager.BeginBlock, which eventually calls math.LegacyDec.MulTruncate
Error:       #43: app/export.go:151:60: app.AtomOneApp.prepForZeroHeightGenesis calls keeper.Hooks.BeforeDelegationCreated, which eventually calls math.LegacyDec.Neg
Error:       #44: x/gov/keeper/tally.go:88:39: keeper.Keeper.HasReachedQuorum calls math.LegacyDec.Quo
Error:       #45: app/app.go:254:26: app.AtomOneApp.BeginBlocker calls module.Manager.BeginBlock, which eventually calls math.LegacyDec.QuoInt
Error:       #46: app/app.go:254:26: app.AtomOneApp.BeginBlocker calls module.Manager.BeginBlock, which eventually calls math.LegacyDec.QuoRoundUp
Error:       #47: app/export.go:96:53: app.AtomOneApp.prepForZeroHeightGenesis calls keeper.Keeper.WithdrawDelegationRewards, which eventually calls math.LegacyDec.QuoTruncate
Error:       #48: x/gov/keeper/deposit.go:246:112: keeper.Keeper.validateInitialDeposit calls math.LegacyDec.RoundInt
Error:       #49: x/gov/simulation/genesis.go:84:52: simulation.GenTallyParamsConstitutionalThreshold calls math.LegacyDec.RoundInt64
Error:       #50: x/gov/types/v1beta1/gov.pb.go:1392:19: v1beta1.TallyParams.Size calls math.LegacyDec.Size
Error:       #51: x/gov/keeper/msg_server.go:[27](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:28)4:29: keeper.legacyMsgServer.VoteWeighted calls math.LegacyDec.String
Error:       #52: x/gov/keeper/tally.go:41:25: keeper.Keeper.Tally calls math.LegacyDec.Sub
Error:       #53: x/gov/keeper/deposit.go:145:108: keeper.Keeper.AddDeposit calls math.LegacyDec.TruncateInt
Error:       #54: cmd/atomoned/main.go:16:26: atomoned.main calls cmd.Execute, which eventually calls math.LegacyDec.TruncateInt64
Error:       #55: x/gov/types/v1beta1/gov.pb.go:2680:32: v1beta1.TallyParams.Unmarshal calls math.LegacyDec.Unmarshal
Error:       #56: app/export.go:96:53: app.AtomOneApp.prepForZeroHeightGenesis calls keeper.Keeper.WithdrawDelegationRewards, which eventually calls math.LegacyMinDec
Error:       #57: x/gov/simulation/genesis.go:73:37: simulation.GenMinDepositRatio calls math.LegacyMustNewDecFromStr
Error:       #58: x/gov/types/v1beta1/msgs.go:257:34: v1beta1.MsgVoteWeighted.ValidateBasic calls math.LegacyNewDec
Error:       #59: app/sim/sim_state.go:203:34: sim.AppStateRandomizedFn calls module.SimulationManager.GenerateGenesisStates, which eventually calls math.LegacyNewDecFromBigIntWithPrec
Error:       #60: x/gov/keeper/tally.go:88:64: keeper.Keeper.HasReachedQuorum calls math.LegacyNewDecFromInt
Error:       #61: x/gov/keeper/grpc_query.go:406:35: keeper.legacyQueryServer.Params calls math.LegacyNewDecFromStr
Error:       #62: x/gov/simulation/genesis.go:85:27: simulation.GenTallyParamsConstitutionalThreshold calls math.LegacyNewDecWithPrec
Error:       #63: x/gov/types/v1/params.go:132:32: types.Params.ValidateBasic calls math.LegacyOneDec
Error:       #64: app/export.go:96:53: app.AtomOneApp.prepForZeroHeightGenesis calls keeper.Keeper.WithdrawDelegationRewards, which eventually calls math.LegacySmallestDec
Error:       #65: x/gov/keeper/tally.go:41:77: keeper.Keeper.Tally calls math.LegacyZeroDec
Error:       #66: app/app.go:254:26: app.AtomOneApp.BeginBlocker calls module.Manager.BeginBlock, which eventually calls math.MaxInt
Error:       #67: app/app.go:254:26: app.AtomOneApp.BeginBlocker calls module.Manager.BeginBlock, which eventually calls math.MinInt
Error:       #68: app/helpers/test_helpers.go:79:69: helpers.Setup calls math.NewInt
Error:       #69: x/gov/keeper/proposal.go:72:24: keeper.Keeper.SubmitProposal calls baseapp.RegisterService, which eventually calls math.NewIntFromBigInt
Error:       #70: x/gov/migrations/v3/convert.go:73:35: migrations.ConvertToLegacyTallyResult calls math.NewIntFromString
Error:       #71: x/gov/types/v1beta1/codec.go:7:2: v1beta1.init calls types.init, which calls math.NewIntFromUint64
Error:       #72: app/sim/sim_state.go:203:34: sim.AppStateRandomizedFn calls module.SimulationManager.GenerateGenesisStates, which eventually calls math.OneInt
Error:       #73: x/gov/types/v1beta1/tally.go:55:36: v1beta1.EmptyTallyResult calls math.ZeroInt
Error:       #74: app/sim/sim_state.go:205:[31](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:32): sim.AppStateRandomizedFn calls json.Marshal, which eventually calls math.init
Error:       #75: x/gov/types/v1beta1/genesis.go:6:2: v1beta1.init calls math.init
```
@tbruyelle tbruyelle deleted the adam-hanna/gov/min-amount-per-deposit branch December 16, 2024 10:08
giunatale pushed a commit that referenced this pull request Jan 17, 2025
@tbruyelle
test(x/gov): add e2e tests for governors (#4)
8dee330
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@giunatale giunatale Awaiting requested review from giunatale giunatale is a code owner

@tbruyelle tbruyelle Awaiting requested review from tbruyelle tbruyelle is a code owner

@jaekwon jaekwon Awaiting requested review from jaekwon jaekwon is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@adam-hanna @giunatale