From 90a36f858272c0f836a3742c9db9b1ba140cba9a Mon Sep 17 00:00:00 2001 From: Emmanuel T Odeke Date: Wed, 14 Jun 2023 13:56:23 -0700 Subject: [PATCH] fix: x/auth/types: ensure nil .BaseAccounts are reported in ModuleAccount.Validate This change ensures that ModuleAccount.Validate flags nil .BaseAccount to avoid a nil pointer dereference. This bug was found by fuzzing cosmos/gaia. Fixes #16552 --- CHANGELOG.md | 4 ++++ x/auth/types/account.go | 4 ++++ x/auth/types/account_test.go | 5 +++++ 3 files changed, 13 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 279fe498da03..6c5cf711c7a6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -52,6 +52,10 @@ Ref: https://keepachangelog.com/en/1.0.0/ * (x/distribution) [#16483](https://github.com/cosmos/cosmos-sdk/pull/16483) use collections for `DelegatorStartingInfo` state management: * remove `Keeper`: `IterateDelegatorStartingInfo`, `GetDelegatorStartingInfo`, `SetDelegatorStartingInfo`, `DeleteDelegatorStartingInfo`, `HasDelegatorStartingInfo` +### Bug Fixes + +* (x/auth/types) [#16554](https://github.com/cosmos/cosmos-sdk/pull/16554) `ModuleAccount.Validate` now reports a nil `.BaseAccount` instead of panicking. + ## [v0.50.0-alpha.0](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.50.0-alpha.0) - 2023-06-07 ### Features diff --git a/x/auth/types/account.go b/x/auth/types/account.go index 9345d819d240..b111cf0c1688 100644 --- a/x/auth/types/account.go +++ b/x/auth/types/account.go @@ -218,6 +218,10 @@ func (ma ModuleAccount) Validate() error { return errors.New("module account name cannot be blank") } + if ma.BaseAccount == nil { + return errors.New("uninitialized ModuleAccount: BaseAccount is nil") + } + if ma.Address != sdk.AccAddress(crypto.AddressHash([]byte(ma.Name))).String() { return fmt.Errorf("address %s cannot be derived from the module name '%s'", ma.Address, ma.Name) } diff --git a/x/auth/types/account_test.go b/x/auth/types/account_test.go index 545e3beef5d1..d29372dcd081 100644 --- a/x/auth/types/account_test.go +++ b/x/auth/types/account_test.go @@ -193,3 +193,8 @@ func TestNewModuleAddressOrBech32Address(t *testing.T) { require.Equal(t, input, types.NewModuleAddressOrBech32Address(input).String()) require.Equal(t, "cosmos1jv65s3grqf6v6jl3dp4t6c9t9rk99cd88lyufl", types.NewModuleAddressOrBech32Address("distribution").String()) } + +func TestModuleAccountValidateNilBaseAccount(t *testing.T) { + ma := &types.ModuleAccount{Name: "foo"} + _ = ma.Validate() +}