fix(x/accounts): check for overflows in multisig weights and votes #20384
Conversation
WalkthroughWalkthroughThe recent changes introduce a Changes
Assessment against linked issues
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (invoked as PR comments)
Additionally, you can add CodeRabbit Configration File (
|
|
@facundomedica your pull request is missing a changelog! |
No need for a changelog, this hasn't been released yet |
There was a problem hiding this comment.
Actionable comments posted: 0
Review Details
Configuration used: .coderabbit.yml
Review profile: CHILL
Files selected for processing (2)
- x/accounts/defaults/multisig/account.go (3 hunks)
- x/accounts/defaults/multisig/account_test.go (2 hunks)
Additional Context Used
Path-based Instructions (2)
x/accounts/defaults/multisig/account.go (1)
Pattern
**/*.go: Review the Golang code for conformity with the Uber Golang style guide, highlighting any deviations.x/accounts/defaults/multisig/account_test.go (2)
Pattern
**/*.go: Review the Golang code for conformity with the Uber Golang style guide, highlighting any deviations.
Pattern
**/*_test.go: "Assess the unit test code assessing sufficient code coverage for the changes associated in the pull request"
Additional comments not posted (5)
x/accounts/defaults/multisig/account.go (4)
94-97: Overflow check added to totalWeight calculation.
272-285: Overflow check added to vote tally calculations.
293-296: Overflow check added to totalWeight calculation.
407-416: New functionsafeAddadded for safe addition with overflow checks.x/accounts/defaults/multisig/account_test.go (1)
663-691: New test functionTestWeightOverflowadded to verify handling of weight overflow scenarios.
| var sum uint64 | ||
| for _, num := range nums { | ||
| if sum+num < sum { | ||
| return 0, errors.New("overflow") |
There was a problem hiding this comment.
should we set it to max instead? that way tallying will see the max number not 0. 0 could signify 0 votes and passing here now
There was a problem hiding this comment.
If an error is returned we don't really care about the result, as we'll return it without continuing execution
There was a problem hiding this comment.
Makes sense. Does it make sense to check if all weight equate to less than maxuint64 when adding memebers or creating the multisig
There was a problem hiding this comment.
I'm doing that check here: https://github.com/cosmos/cosmos-sdk/pull/20384/files#diff-fdd6d41c43d4db2fca28c5b410bd647692b4f7fb78997c62abf0835c8052d9c6R94 but now I that I've double-check I'm not doing that on update config.
There was a problem hiding this comment.
Q: why can't we simply ensure that total_weight <= math.Uint64Max at member lvl
There was a problem hiding this comment.
@testinginprod can you explain a bit more? You mean that we should only check for overflow when creating/updating members? That sounds good, because then in the tally we'd never go over that
There was a problem hiding this comment.
Good thinking. Checks on init/ update would be enough but tally seems not to be on the criticial path for performance so I would not mind safety over performance.
There was a problem hiding this comment.
Done, I've removed the check on tally and added the test on update
There was a problem hiding this comment.
Actionable comments posted: 1
Out of diff range and nitpick comments (1)
x/accounts/defaults/multisig/update_config.go (1)
Line range hint
70-72: Clarify error message for zero values.The error message for zero values can be more specific to indicate which values are zero.
- return errors.New("threshold, quorum and voting period must be greater than zero") + return errors.New("threshold, quorum, and voting period must all be greater than zero")
Review Details
Configuration used: .coderabbit.yml
Review profile: CHILL
Files selected for processing (1)
- x/accounts/defaults/multisig/update_config.go (1 hunks)
Additional Context Used
Path-based Instructions (1)
x/accounts/defaults/multisig/update_config.go (1)
Pattern
**/*.go: Review the Golang code for conformity with the Uber Golang style guide, highlighting any deviations.
| func safeAdd(nums ...uint64) (uint64, error) { | ||
| var sum uint64 | ||
| for _, num := range nums { | ||
| if sum+num < sum { |
There was a problem hiding this comment.
minor nit, i would pefer sum > math.MaxUint64 - num for easier readability
There was a problem hiding this comment.
Actionable comments posted: 0
Review Details
Configuration used: .coderabbit.yml
Review profile: CHILL
Files selected for processing (1)
- x/accounts/defaults/multisig/update_config.go (1 hunks)
Files skipped from review as they are similar to previous changes (1)
- x/accounts/defaults/multisig/update_config.go
| @@ -313,6 +313,29 @@ func TestUpdateConfig(t *testing.T) { | |||
| }, | |||
| }, | |||
| }, | |||
| { | |||
| "change members, invalid weights", | |||
There was a problem hiding this comment.
Actionable comments posted: 0
Review Details
Configuration used: .coderabbit.yml
Review profile: CHILL
Files selected for processing (2)
- x/accounts/defaults/multisig/account.go (3 hunks)
- x/accounts/defaults/multisig/account_test.go (3 hunks)
Files skipped from review as they are similar to previous changes (2)
- x/accounts/defaults/multisig/account.go
- x/accounts/defaults/multisig/account_test.go
* main: (95 commits) fix(x/accounts): check for overflows in multisig weights and votes (#20384) docs(x/account/auth): Improve error handling and comments in fee.go (#20426) docs: fix some markdown syntax (#20432) revert: bank change module to account change (#20427) fix: nil pointer panic when store don't exists in historical version (#20425) fix(store/v2): Remove should not error on miss (#20423) chore: upstream more changes from v2 (#20387) docs(x/auth/ante): fixed typo in TxWithTimeoutHeight interface name (#20418) fix: avoid default sendenabled for module accounts (#20419) docs(x/auth): fixed typo in command example for multisign transaction (#20417) build(deps): Bump bufbuild/buf-setup-action from 1.31.0 to 1.32.0 (#20413) build(deps): Bump github.com/hashicorp/go-plugin from 1.6.0 to 1.6.1 in /store (#20414) feat(x/accounts): Add schema caching feature and corresponding test case (#20055) refactor(runtime/v2): remove dependency on sdk (#20389) refactor!: turn MsgsV2 into ReflectMessages to make it less confusing (#19839) docs: Enhanced the ParsePagination method documentation (#20385) refactor(runtime,core): split router service (#20401) chore: fix spelling errors (#20400) docs: Documented error handling in OfferSnapshot method (#20380) build(deps): Bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#20390) ...
Description
Closes: #20362
Author Checklist
All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.
I have...
!in the type prefix if API or client breaking changeCHANGELOG.mdReviewers Checklist
All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.
I have...
Summary by CodeRabbit
New Features
Bug Fixes
Tests