From 68d1b1c1ea1572aaa8c2d309c1b3f45bbf075ffa Mon Sep 17 00:00:00 2001
From: Woosang Son <woosang.son@linecorp.com>
Date: Tue, 2 Nov 2021 08:33:08 +0900
Subject: [PATCH] fix: check bech32 address format in bank query (#366)

* fix: check bech32 address format in bank query

* docs: modify release_changelog; wrong PR number

* docs: modify release changelog
---
 .github/workflows/sims.yml       |  2 +
 CHANGELOG.md                     | 89 +-------------------------------
 RELEASE_CHANGELOG.md             |  6 +++
 x/bank/client/cli/query.go       |  4 +-
 x/bank/keeper/grpc_query.go      |  8 +++
 x/bank/keeper/grpc_query_test.go |  5 ++
 6 files changed, 26 insertions(+), 88 deletions(-)

diff --git a/.github/workflows/sims.yml b/.github/workflows/sims.yml
index 2c904ea224..e4db44986c 100644
--- a/.github/workflows/sims.yml
+++ b/.github/workflows/sims.yml
@@ -3,6 +3,8 @@ name: Sims
 # This workflow will run on all Pull Requests, if a .go, .mod or .sum file have been changed
 on:
   pull_request:
+    branches-ignore:
+      - "release/*"
   push:
     branches:
       - main
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3bba466618..a43d03ded3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,99 +2,14 @@
 
 ## [Unreleased]
 
-## [v0.43.0](https://github.com/line/lbm-sdk/releases/tag/v0.43.0)
-
 ### Features
-* (global) [\#97](https://github.com/line/lbm-sdk/pull/97) Add codespace to query error
-* (config) [\#114](https://github.com/line/lbm-sdk/pull/114) Add idle-timeout to rest server and rpc server config
-* (x/wasm) [\#127](https://github.com/line/lbm-sdk/pull/127) Add wasm with Staragate migration completed.
-* (x/wasm) [\#151](https://github.com/line/lbm-sdk/pull/151) Add contract access control.
-* (x/wasm) [\#194](https://github.com/line/lbm-sdk/pull/194) Replace importing CosmWasm/wasmvm with line/wasmvm.
-* (x/auth) [\#176](https://github.com/line/lbm-sdk/pull/176) Add MsgEmpty to auth module
-* (metric) [\#184](https://github.com/line/lbm-sdk/pull/184) Add prometheus metrics for caches reverting telemetry metrics
-* (grpc) [\#291](https://github.com/line/lbm-sdk/pull/291) Add GRPC API the BlockByHash and BlockResultsByHeight, add prove parameter to GetTxsEvent
 
 ### Improvements
-* (bump-up) [\#93](https://github.com/line/lbm-sdk/pull/93) Adopt ostracon, line/tm-db and line/iavl
-* (bump-up) [\#107](https://github.com/line/lbm-sdk/pull/107) Bump up tm-db, iavl and ostracon
-* (script) [\#110](https://github.com/line/lbm-sdk/pull/110) Add script initializing simd
-* (bump-up) [\#118](https://github.com/line/lbm-sdk/pull/118) Bump up tm-db and remove Domain() call
-* (test) [\#128](https://github.com/line/lbm-sdk/pull/128) Allow creating new test network without init
-* (db) [\#136](https://github.com/line/lbm-sdk/pull/136) Fix DB_BACKEND configuration
-* (global) [\#140](https://github.com/line/lbm-sdk/pull/140) Modify default coin type, default address prefix
-* (perf) [\#141](https://github.com/line/lbm-sdk/pull/141) Concurrent `checkTx`
-* (perf) [\#142](https://github.com/line/lbm-sdk/pull/142) Implement `validateGasWanted()`
-* (perf) [\#143](https://github.com/line/lbm-sdk/pull/143) Signature verification cache
-* (global) [\#145](https://github.com/line/lbm-sdk/pull/145) Modify key type name
-* (perf) [\#155](https://github.com/line/lbm-sdk/pull/155) Concurrent recheckTx
-* (global) [\#158](https://github.com/line/lbm-sdk/pull/158) Remove tm-db dependency
-* (x/wasm) [\#162](https://github.com/line/lbm-sdk/pull/162) Add missed UpdateContractStatusProposal types
-* (perf) [\#164](https://github.com/line/lbm-sdk/pull/164) Sse fastcache
-* (build) [\#181](https://github.com/line/lbm-sdk/pull/181) Raise codecov-action version to 1.5.0
-* (build) [\#195](https://github.com/line/lbm-sdk/pull/195) Build properly when using libsecp256k1
-* (perf) [\#198](https://github.com/line/lbm-sdk/pull/198) Caching paramset
-* (global) [\#200](https://github.com/line/lbm-sdk/pull/200) Add a env prefix
-* (store) [\#202](https://github.com/line/lbm-sdk/pull/202) Param store doesn't use gas kv
-* (store) [\#203](https://github.com/line/lbm-sdk/pull/203) Remove transient store that is not used now
-* (perf) [\#204](https://github.com/line/lbm-sdk/pull/204) Apply rw mutex to cachekv
-* (perf) [\#208](https://github.com/line/lbm-sdk/pull/208) Use easyjson instead of amino when marshal abci logs 
-* (perf) [\#209](https://github.com/line/lbm-sdk/pull/209) Apply async reactor ostracon
-* (proto) [\#212](https://github.com/line/lbm-sdk/pull/212) Reformat proto files and restore proto docs
-* (perf) [\#216](https://github.com/line/lbm-sdk/pull/216) Memoize bech32 encoding and decoding
-* (perf) [\#218](https://github.com/line/lbm-sdk/pull/218) Rootmulti store parallel commit
-* (perf) [\#219](https://github.com/line/lbm-sdk/pull/219) Fix bech32 cache to get bech32 from proper cache
-* (bump-up) [\#221](https://github.com/line/lbm-sdk/pull/221) Bump up iavl for parallel processing of batches
-* (perf) [\#224](https://github.com/line/lbm-sdk/pull/224) Updated log time to have milliseconds
-* (bump-up) [\#228](https://github.com/line/lbm-sdk/pull/228) Bump up ostracon to optimize checking the txs size
-* (global) [\#230](https://github.com/line/lbm-sdk/pull/230) Modify module name to lfb-sdk
-* (bump-up) [\#246](https://github.com/line/lbm-sdk/pull/246) Bump up ostracon to not flush wal when receive consensus msgs
-* (wasm) [\#250](https://github.com/line/lbm-sdk/pull/250) Migrate linkwasmd to the latest commit
-* (wasm) [\#253](https://github.com/line/lbm-sdk/pull/253) remove MaxGas const
-* (wasm) [\#254](https://github.com/line/lbm-sdk/pull/254) Specify wasm event types
-* (x) [\#255](https://github.com/line/lbm-sdk/pull/255) Remove legacy from modules
-* (perf) [\#320](https:/github.com/line/lbm-sdk/pull/320) internal objects optimization (BaseAccount, Balance & Supply)
-* (auth) [\#344](https://github.com/line/lbm-sdk/pull/344) move SigBlockHeight from TxBody into AuthInfo
 
 ### Bug Fixes
-* (test) [\#92](https://github.com/line/lbm-sdk/pull/92) Fix SendToModuleAccountTest
-* (store) [\#105](https://github.com/line/lbm-sdk/pull/105) Check `store == nil`
-* (test) [\#133](https://github.com/line/lbm-sdk/pull/133) Fix `Test_runImportCmd()`
-* (config) [\#138](https://github.com/line/lbm-sdk/pull/138) Fix getting coin type at running cmd 
-* (race) [\#159](https://github.com/line/lbm-sdk/pull/159) Fix test-race failure
-* (test) [\#193](https://github.com/line/lbm-sdk/pull/193) Allow to add new validator in test network
-* (client) [\#286](https://github.com/line/lbm-sdk/pull/286) Fix invalid type casting for error
-* (test) [\#326](https://github.com/line/lbm-sdk/pull/326) Enable sim test and fix address related bug
- 
+
 ### Breaking Changes
-* (global) [\#90](https://github.com/line/lbm-sdk/pull/90) Revise module path to `github.com/line/lfb-sdk`
-* (rpc) [\#97](https://github.com/line/lbm-sdk/pull/97) Send response with 404 status when quering non-exist account
-* (proto) [\#106](https://github.com/line/lbm-sdk/pull/106) Rename package of proto files
-* (api) [\#130](https://github.com/line/lbm-sdk/pull/130) Rename rest apis
-* (auth) [\#265](https://github.com/line/lbm-sdk/pull/265) Introduce sig block height for the new replay protection
-* (global) [\#298](https://github.com/line/lbm-sdk/pull/298) Treat addresses as strings
-* (ostracon) [\#317](https://github.com/line/lbm-sdk/pull/317) Integrate Ostracon including vrf election and voter concept
-* (global) [\#323](https://github.com/line/lfb-sdk/pull/323) Re-brand lfb-sdk to lbm-sdk
-* (proto) [\#338](https://github.com/line/lbm-sdk/pull/338) Upgrade proto buf from v1beta1 to v1
 
 ### Build, CI
-* (ci) [\#234](https://github.com/line/lbm-sdk/pull/234) Fix branch name in ci script
-* (docker) [\#264](https://github.com/line/lbm-sdk/pull/264) Remove docker publish
- 
-### Document Updates
-* (docs) [\#205](https://github.com/line/lbm-sdk/pull/205) Renewal docs for open source
-* (docs) [\#207](https://github.com/line/lbm-sdk/pull/207) Fix license
-* (docs) [\#211](https://github.com/line/lbm-sdk/pull/211) Remove codeowners
-* (docs) [\#248](https://github.com/line/lbm-sdk/pull/248) Add PR procedure, apply main branch
-* (docs) [\#256](https://github.com/line/lbm-sdk/pull/256) Modify copyright and contributing
-* (docs) [\#259](https://github.com/line/lbm-sdk/pull/259) Modify copyright, verified from legal team
-* (docs) [\#260](https://github.com/line/lbm-sdk/pull/260) Remove gov, ibc and readme of wasm module
-* (docs) [\#262](https://github.com/line/lbm-sdk/pull/262) Fix link urls, remove invalid reference
-* (docs) [\#328](https://github.com/line/lbm-sdk/pull/328) Update quick start guide
 
-## [cosmos-sdk v0.42.1] - 2021-03-15
-Initial lbm-sdk is based on the cosmos-sdk v0.42.1
-
-* (cosmos-sdk) [v0.42.0](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.42.1).
-
-Please refer [CHANGELOG_OF_COSMOS_SDK_v0.42.1](https://github.com/cosmos/cosmos-sdk/blob/v0.42.1/CHANGELOG.md)
-<!-- Release links -->
+### Document Updates
diff --git a/RELEASE_CHANGELOG.md b/RELEASE_CHANGELOG.md
index 62a47bd4e5..ded9a83f11 100644
--- a/RELEASE_CHANGELOG.md
+++ b/RELEASE_CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## [v0.43.1](https://github.com/line/lbm-sdk/releases/tag/v0.43.1)
+
+### Bug Fixes
+* (distribution) [\#364](https://github.com/line/lbm-sdk/pull/364) Force genOrBroadcastFn even when max-msgs != 0
+* (bank) [\#366](https://github.com/line/lbm-sdk/pull/366) Check bech32 address format in bank query
+
 ## [v0.43.0](https://github.com/line/lbm-sdk/releases/tag/v0.43.0)
 
 ### Features
diff --git a/x/bank/client/cli/query.go b/x/bank/client/cli/query.go
index 8e3c157494..113c28e4dd 100644
--- a/x/bank/client/cli/query.go
+++ b/x/bank/client/cli/query.go
@@ -65,8 +65,10 @@ Example:
 
 			queryClient := types.NewQueryClient(clientCtx)
 
+			if err := sdk.ValidateAccAddress(args[0]); err != nil {
+				return err
+			}
 			addr := sdk.AccAddress(args[0])
-
 			pageReq, err := client.ReadPageRequest(cmd.Flags())
 			if err != nil {
 				return err
diff --git a/x/bank/keeper/grpc_query.go b/x/bank/keeper/grpc_query.go
index 9647eea9fa..3655a7b6fd 100644
--- a/x/bank/keeper/grpc_query.go
+++ b/x/bank/keeper/grpc_query.go
@@ -24,6 +24,10 @@ func (k BaseKeeper) Balance(ctx context.Context, req *types.QueryBalanceRequest)
 		return nil, status.Error(codes.InvalidArgument, "address cannot be empty")
 	}
 
+	if err := sdk.ValidateAccAddress(req.Address); err != nil {
+		return nil, status.Error(codes.InvalidArgument, "invalid bech32 format")
+	}
+
 	if req.Denom == "" {
 		return nil, status.Error(codes.InvalidArgument, "invalid denom")
 	}
@@ -44,6 +48,10 @@ func (k BaseKeeper) AllBalances(ctx context.Context, req *types.QueryAllBalances
 		return nil, status.Error(codes.InvalidArgument, "address cannot be empty")
 	}
 
+	if err := sdk.ValidateAccAddress(req.Address); err != nil {
+		return nil, status.Error(codes.InvalidArgument, "invalid bech32 format")
+	}
+
 	sdkCtx := sdk.UnwrapSDKContext(ctx)
 
 	balances := sdk.NewCoins()
diff --git a/x/bank/keeper/grpc_query_test.go b/x/bank/keeper/grpc_query_test.go
index d8c5c5b237..c13a705fc1 100644
--- a/x/bank/keeper/grpc_query_test.go
+++ b/x/bank/keeper/grpc_query_test.go
@@ -72,6 +72,11 @@ func (suite *IntegrationTestSuite) TestQueryAllBalances() {
 	suite.Equal(res.Balances.Len(), 1)
 	suite.NotNil(res.Pagination.NextKey)
 
+	// invalid bech32 address
+	invalidReq := types.NewQueryAllBalancesRequest(sdk.AccAddress(addr.String()[0:10]), pageReq)
+	_, err = queryClient.AllBalances(gocontext.Background(), invalidReq)
+	suite.Require().Error(err)
+
 	suite.T().Log("query second page with nextkey")
 	pageReq = &query.PageRequest{
 		Key:        res.Pagination.NextKey,