Skip to content

Commit

Permalink
fix: avoid broadcasting tx through query (backport cosmos#15044) (cos…
Browse files Browse the repository at this point in the history 
…mos#15047)

Co-authored-by: Facundo Medica <14063057+facundomedica@users.noreply.github.com>
Co-authored-by: Julien Robert <julien@rbrt.fr>
  • Loading branch information
@mergify @facundomedica
@julienrbrt @ankurdotb
3 people authored and ankurdotb committed Feb 28, 2023
1 parent 13d32bc commit 81a1ffa
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 4 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,8 @@ Ref: https://keepachangelog.com/en/1.0.0/

## [Unreleased]

## [v0.46.10](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.46.10) - 2022-02-16

### Improvements

* (cli) [#14953](https://github.com/cosmos/cosmos-sdk/pull/14953) Enable profiling block replay during abci handshake with `--cpu-profile`.
Expand Down
7 changes: 3 additions & 4 deletions RELEASE_NOTES.md
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,7 @@
# Cosmos SDK v0.46.9 Release Notes
# Cosmos SDK v0.46.10 Release Notes

This release introduces bug fixes and improvements. Notably an extra config in the `app.toml`, `iavl-lazy-loading`, to enable lazy loading of IAVL store.
Changes to be made in the `app.toml` can be found in the [CHANGELOG](https://github.com/cosmos/cosmos-sdk/blob/release/v0.46.x/CHANGELOG.md).
This release improves CPU profiling when using the `--cpu-profile` flag, and fixes a possible way to DoS a node.

Please see the [CHANGELOG](https://github.com/cosmos/cosmos-sdk/blob/release/v0.46.x/CHANGELOG.md) for an exhaustive list of changes.

Full Commit History: https://github.com/cosmos/cosmos-sdk/compare/v0.46.8...v0.46.9
Full Commit History: https://github.com/cosmos/cosmos-sdk/compare/v0.46.9...v0.46.10
4 changes: 4 additions & 0 deletions baseapp/abci.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -400,6 +400,10 @@ func (app *BaseApp) Query(req abci.RequestQuery) (res abci.ResponseQuery) {
telemetry.IncrCounter(1, "query", req.Path)
defer telemetry.MeasureSince(time.Now(), req.Path)

if req.Path == "/cosmos.tx.v1beta1.Service/BroadcastTx" {
return sdkerrors.QueryResult(sdkerrors.Wrap(sdkerrors.ErrInvalidRequest, "can't route a broadcast tx message"), app.trace)
}

// handle gRPC routes first rather than calling splitPath because '/' characters
// are used as part of gRPC paths
if grpcHandler := app.grpcQueryRouter.Route(req.Path); grpcHandler != nil {
Expand Down

0 comments on commit 81a1ffa

Please sign in to comment.