-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/bank/types: AddressFromBalancesStore address length checking condition false positive #9111
Comments
cc @odeke-em |
Nice catch @cuonglm and good to see that a fuzzer also caught it! Please help send a PR for it. Thank you! |
9 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary of Bug
Coming here from #9060, the current address length checking condition in AddressFromBalancesStore has false positive:
cosmos-sdk/x/bank/types/key.go
Line 47 in 849fab1
First, we check for
len(key[1:]) < int(addrLen)
, but later, we do slice slicing withkey[1 : addrLen+1]
.The problem is that
addrLen
is encoded in a byte, soaddrLen+1
can be overflow. It seems to me that we can fix this by using `int(addrLen)+1 instead.Version
All versions.
Steps to Reproduce
For Admin Use
The text was updated successfully, but these errors were encountered: