Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Attacker can submit TX with negative Fee minting tokens #2776

Closed
4 tasks done
hendrikhofstadt opened this issue Nov 12, 2018 · 3 comments · Fixed by #2797
Closed
4 tasks done

Attacker can submit TX with negative Fee minting tokens #2776

hendrikhofstadt opened this issue Nov 12, 2018 · 3 comments · Fixed by #2797
Assignees
@alexanderbez
Labels
T:Bug

Comments

@hendrikhofstadt
Copy link
Contributor

hendrikhofstadt commented Nov 12, 2018
edited
Loading

Summary of Bug

The StdTx.Fee can be set to a negative amount.

Since there is no validation both the FeePool will be corrupted and the first signature's balance increased.

This is a critical problem since any account can drain the fee pool and add the tokens to their own account.

Steps to Reproduce

Set StdTx to a negative Coins amount

For Admin Use

  • Not duplicate issue
  • Appropriate labels applied
  • Appropriate contributors tagged
  • Contributor assigned/self-assigned
@jackzampolin jackzampolin mentioned this issue Nov 12, 2018
Closed
27 tasks
@cwgoes
Copy link
Contributor

cwgoes commented Nov 12, 2018

Ref #1273, which would have prevented this entire class of bugs, of which there have been several so far.

@alexanderbez alexanderbez self-assigned this Nov 12, 2018
@hendrikhofstadt
Copy link
Contributor Author

hendrikhofstadt commented Nov 12, 2018
edited
Loading

Potentially fits the security tag as well.

@cwgoes I agree. Any particular reason #1273 has not been implemented yet ? That could also avoid a lot of redundant .LT(0) checks.

@cwgoes
Copy link
Contributor

cwgoes commented Nov 12, 2018

Any particular reason #1273 has not been implemented yet?

Not any good one. We're on it.

@zmanian zmanian mentioned this issue Nov 12, 2018
Closed
@alexanderbez alexanderbez mentioned this issue Nov 13, 2018
Merged
5 tasks
@tarcieri tarcieri mentioned this issue Aug 20, 2020
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alexanderbez alexanderbez

Labels
T:Bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[R4R] Add Safety Measures to Coin/Coins cosmos/cosmos-sdk
3 participants
@hendrikhofstadt @alexanderbez @cwgoes