From 9f6f9f5902b88f285d0db77cd1116cf7dabdeb3f Mon Sep 17 00:00:00 2001 
From: atheeshp <59333759+atheeshp@users.noreply.github.com> Date: Mon, 4 Apr 2022 18:31:18 +0530 Subject: [PATCH] fix: panic in `authz` (#11512) ## Description Closes: #11478 --- ### Author Checklist *All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues.* I have... - [ ] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] added `!` to the type prefix if API or client breaking change - [ ] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#pr-targeting)) - [ ] provided a link to the relevant issue or specification - [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules) - [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#testing) - [ ] added a changelog entry to `CHANGELOG.md` - [ ] included comments for [documenting Go code](https://blog.golang.org/godoc) - [ ] updated the relevant documentation or specification - [ ] reviewed "Files changed" and left comments if necessary - [ ] confirmed all CI checks have passed ### Reviewers Checklist *All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items.* I have... 
- [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed state machine logic - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable)
---
 CHANGELOG.md | 3 ++-
 x/staking/types/authz.go | 5 +++++
 x/staking/types/authz_test.go | 12 ++++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4c583cb7be95..21b761dcc357 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -243,7 +243,8 @@ Ref: https://keepachangelog.com/en/1.0.0/
 * (x/authz) [\#11252](https://github.com/cosmos/cosmos-sdk/pull/11252) Allow insufficient funds error for authz simulation
 * (cli) [\#11313](https://github.com/cosmos/cosmos-sdk/pull/11313) Fixes `--gas auto` when executing CLI transactions in `--generate-only` mode
 * (cli) [\#11337](https://github.com/cosmos/cosmos-sdk/pull/11337) Fixes `show-adress` cli cmd
-* (crypto) [\#11298](https://github.com/cosmos/cosmos-sdk/pull/11298) Fix cgo secp signature verification and update libscep256k1 library.
+* (crypto) [\#11298](https://github.com/cosmos/cosmos-sdk/pull/11298) Fix cgo secp signature verification and update libscep256k1 library.
+* (x/authz) [\#11512](https://github.com/cosmos/cosmos-sdk/pull/11512) Fix response of a panic to error, when subtracting balances.
 ### State Machine Breaking
diff --git a/x/staking/types/authz.go b/x/staking/types/authz.go
index 45ce23089a3e..e26712ade2e4 100644
--- a/x/staking/types/authz.go
+++ b/x/staking/types/authz.go
@@ -103,6 +103,11 @@ func (a StakeAuthorization) Accept(ctx sdk.Context, msg sdk.Msg) (authz.AcceptRe
 Updated: &StakeAuthorization{Validators: a.GetValidators(), AuthorizationType: a.GetAuthorizationType()}}, nil
 }
+ // check sufficient balance exists.
+ if _, isNegative := sdk.NewCoins(*a.MaxTokens).SafeSub(sdk.NewCoins(amount)); isNegative {
+ return authz.AcceptResponse{}, sdkerrors.ErrInsufficientFunds.Wrapf("amount is more than max tokens")
+ }
+
 limitLeft := a.MaxTokens.Sub(amount)
 if limitLeft.IsZero() {
 return authz.AcceptResponse{Accept: true, Delete: true}, nil
diff --git a/x/staking/types/authz_test.go b/x/staking/types/authz_test.go
index fd7f17d63e65..1f649f0a28a4 100644
--- a/x/staking/types/authz_test.go
+++ b/x/staking/types/authz_test.go
@@ -13,6 +13,7 @@ import (
 var (
 coin100 = sdk.NewInt64Coin("steak", 100)
+ coin150 = sdk.NewInt64Coin("steak", 150)
 coin50 = sdk.NewInt64Coin("steak", 50)
 delAddr = sdk.AccAddress("_____delegator _____")
 val1 = sdk.ValAddress("_____validator1_____")
@@ -70,6 +71,17 @@ func TestAuthzAuthorizations(t *testing.T) {
 true,
 nil,
 },
+ {
+ "delegate: coins more than allowed",
+ []sdk.ValAddress{val1, val2},
+ []sdk.ValAddress{},
+ stakingtypes.AuthorizationType_AUTHORIZATION_TYPE_DELEGATE,
+ &coin100,
+ stakingtypes.NewMsgDelegate(delAddr, val1, coin150),
+ true,
+ false,
+ nil,
+ },
 {
 "delegate: verify remaining coins",
 []sdk.ValAddress{val1, val2},
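Review bot: The new guard ahead of `limitLeft := a.MaxTokens.Sub(amount)` describes itself as a balance check and returns `ErrInsufficientFunds`, but what it compares is the message amount against the grant's remaining `MaxTokens` limit, so the comment and error text will mislead whoever debugs a rejected exec. `Coins.SafeSub` presumably also reports a negative result when `amount` has a different denom than `MaxTokens`, in which case "amount is more than max tokens" is wrong as well; that is worth confirming. I would reword the comment to `// reject amounts above the remaining MaxTokens limit; Coin.Sub below panics on a negative result` and put the operands in the error, `Wrapf("requested %s exceeds authorized limit %s", amount, a.MaxTokens)`, which also gives `Wrapf` the format arguments it lacks today. Accept starts and ends outside this hunk, so the nil check on `a.MaxTokens` is assumed to be the branch that closes just above the added lines.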
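Review bot: The table entry added in the second authz_test.go hunk covers only `NewMsgDelegate` with an amount in the same denom as the limit, and with positional fields the trailing `true, false, nil` cannot be read without the struct definition, which is outside the hunk. If the guard in `Accept` sits on the path shared by all authorization types, as the authz.go hunk suggests, matching entries for the undelegate and redelegate types would pin the fix for them too. A short trailing comment on each of the three flags, naming the field it sets, would make the expectation reviewable in place.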