Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(x/ecocredit): Fix GetSignBytes with correct codec #1480

Merged
merged 4 commits into from
Sep 8, 2022

Conversation

amaury1093
Copy link
Contributor

@amaury1093 amaury1093 commented Sep 7, 2022

Description

While debugging regen-js, I noticed a bug in regen-ledger amino signing. Basically, in GetSignBytes, we're always using ecocredit.ModuleCdc.MustMarshalJSON. Unfortunately, this ModuleCdc doesn't get registered with any msgs, see here.

This results in a level of nesting that's being cut-off when serializing into JSON:

// expected
{
  "type": "regen/MsgSend",
  "value": {
    "recipient": "regen1abc...def"
  }
}
//actual
{
  "recipient": "regen1abc...def"
}

This bug also happened in the past in the SDK, read https://medium.com/confio/authz-and-ledger-signing-an-executive-summary-8754a0dc2a88 for more info.

The proposed fix is to make sure that the ModuleCdc that is used in GetSignBytes went through the modele's RegisterLegacyAminoCodec.

This is a consensus-breaking change. The same change needs to be done to all Msgs (I only did a poc on MsgSend). It's not a security issue, but more an annoyance, as without this change, the CosmJS+Amino+RegenLedger integration unfortunately won't work, see regen-network/regen-js#41 (comment).

Closes: #1481


Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

  • included the correct type prefix in the PR title
  • added ! to the type prefix if API or client breaking change
  • targeted the correct branch (see PR Targeting)
  • provided a link to the relevant issue or specification
  • followed the guidelines for building modules
  • included the necessary unit and integration tests
  • added a changelog entry to CHANGELOG.md
  • included comments for documenting Go code
  • updated the relevant documentation or specification
  • reviewed "Files changed" and left comments if necessary
  • confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

  • confirmed the correct type prefix in the PR title
  • confirmed ! in the type prefix if API or client breaking change
  • confirmed all author checklist items have been addressed
  • reviewed state machine logic
  • reviewed API design and naming
  • reviewed documentation is accurate
  • reviewed tests and test coverage
  • manually tested (if applicable)

)

func init() {
RegisterLegacyAminoCodec(legacy.Cdc)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't need to register the global legacy.Cdc, though it also doesn't hurt

@codecov
Copy link

codecov bot commented Sep 7, 2022

Codecov Report

Merging #1480 (b337984) into main (00829da) will decrease coverage by 0.00%.
The diff coverage is 56.41%.

@@            Coverage Diff             @@
##             main    #1480      +/-   ##
==========================================
- Coverage   78.38%   78.38%   -0.01%     
==========================================
  Files         248      248              
  Lines       18690    18687       -3     
==========================================
- Hits        14651    14648       -3     
  Misses       3173     3173              
  Partials      866      866              
Impacted Files Coverage Δ
x/ecocredit/base/types/v1/codec.go 100.00% <ø> (ø)
...edit/base/types/v1/msg_add_allowed_bridge_chain.go 0.00% <0.00%> (ø)
x/ecocredit/base/types/v1/msg_add_class_creator.go 53.33% <0.00%> (ø)
x/ecocredit/base/types/v1/msg_add_credit_type.go 61.11% <0.00%> (ø)
x/ecocredit/base/types/v1/msg_bridge.go 80.55% <0.00%> (ø)
x/ecocredit/base/types/v1/msg_bridge_receive.go 90.66% <0.00%> (ø)
.../ecocredit/base/types/v1/msg_mint_batch_credits.go 72.00% <0.00%> (ø)
...t/base/types/v1/msg_remove_allowed_bridge_chain.go 53.33% <0.00%> (ø)
...cocredit/base/types/v1/msg_remove_class_creator.go 46.15% <0.00%> (ø)
x/ecocredit/base/types/v1/msg_seal_batch.go 53.33% <0.00%> (ø)
... and 25 more

technicallyty
technicallyty previously approved these changes Sep 7, 2022
Copy link
Contributor

@technicallyty technicallyty left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, opened #1481 to follow up on the rest of the messages

@technicallyty
Copy link
Contributor

@clevinson i'm just going to push the rest of the message fixes to this PR

@technicallyty technicallyty dismissed their stale review September 8, 2022 01:02

pushed my own changes

@technicallyty technicallyty requested a review from a team September 8, 2022 01:07
Copy link
Member

@clevinson clevinson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for finding this @AmauryM!!

x/ecocredit/base/types/v1/msg_send_test.go Outdated Show resolved Hide resolved
Copy link
Contributor

@aleem1314 aleem1314 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@@ -76,7 +76,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- [#1337](https://github.com/regen-network/regen-ledger/pull/1337) Add `AddCreditType` msg-based gov proposal
- [#1346](https://github.com/regen-network/regen-ledger/pull/1346) Add `RemoveAllowedDenom` msg-based gov proposal
- [#1349](https://github.com/regen-network/regen-ledger/pull/1349) Add `UpdateBasketFees` msg-based gov proposal
- [#1465](https://github.com/regen-network/regen-ledger/pull/1465) Renamed to `UpdateBasketFee`
- [#1465](https://github.com/regen-network/regen-ledger/pull/1465) Renamed to `UpdateBasketFee`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@technicallyty do you have an auto-format setting enabled? The spaces here and below were intentional.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oops, i thought those were formatting errors 🥲

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No problem. We can revise in another pull request.

@ryanchristo ryanchristo changed the title fix: Fix GetSignBytes with correct codec fix(x/ecocredit): Fix GetSignBytes with correct codec Sep 14, 2022
@ryanchristo
Copy link
Member

Thanks @AmauryM and @technicallyty 🙏

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

update all GetSignBytes functions with correct codec
5 participants