-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(gov): handle panics when executing x/gov proposals #17780
Conversation
NOTE: I'm adding backport to |
This comment has been minimized.
This comment has been minimized.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thank you for adding this, the change makes sense same with the backport
x/gov/abci.go
Outdated
|
||
defer func() { | ||
if r := recover(); r != nil { | ||
err = fmt.Errorf("handling x/gov poposal msg [%s] PANICED: %v", msg, r) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Typo here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is another typo I think PANICED
-> PANICKED
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR @robert-zaremba and nice to catch you here after a very long time!
For the commit message and change log entries, please use this
Recover panics and turn them into errors when executing x/gov proposals
Otherwise LGTM. Thank you
CHANGELOG.md
Outdated
@@ -46,6 +46,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ | |||
* (x/bank) [#17569](https://github.com/cosmos/cosmos-sdk/pull/17569) Introduce a new message type, `MsgBurn `, to burn coins. | |||
* (genutil) [#17571](https://github.com/cosmos/cosmos-sdk/pull/17571) Allow creation of `AppGenesis` without a file lookup. | |||
* (server) [#17094](https://github.com/cosmos/cosmos-sdk/pull/17094) Add duration `shutdown-grace` for resource clean up (closing database handles) before exit. | |||
* (x/gov) [#17780](https://github.com/cosmos/cosmos-sdk/pull/17780) Handle panics when executing x/gov proposals. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Recover panics and turn them into errors when executing x/gov proposals
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@odeke-em thanks for suggestion. I will update the changelog. However I don't think this kind of comment should be blocking, because now we need to wait for you to unblock.
I'm thinking more about the backports. What do you think about backporting to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm!
Could you run |
@julienrbrt , @tac0turtle could you 👍 about the proposal to backport to |
(cherry picked from commit a0b39a1) # Conflicts: # CHANGELOG.md
Your reasoning makes sense, this behavior change would not be consensus breaking, unless I am missing something (cc @alexanderbez). So that would make sense to backport to v0.47. |
) (#17790) Co-authored-by: Robert Zaremba <robert@zaremba.ch> Co-authored-by: Julien Robert <julien@rbrt.fr>
(cherry picked from commit a0b39a1) # Conflicts: # CHANGELOG.md # x/gov/abci.go
) (#17793) Co-authored-by: Robert Zaremba <robert@zaremba.ch> Co-authored-by: Julien Robert <julien@rbrt.fr>
…mos#17780) (cosmos#17793) Co-authored-by: Robert Zaremba <robert@zaremba.ch> Co-authored-by: Julien Robert <julien@rbrt.fr>
Description
x/gov
proposal execution is done in ABCI EndBlock. Proposals contain a custom, potentially untrusted code, which can panic, and putting the whole chain down.Today, the proposal handler execution is not recoverable, making the chain halt rather than erroring the proposal executing.
In this PR I propose to guard the
Msg
handler executing in a recoverable block, safely failing the proposal if the panics occurs.Author Checklist
All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.
I have...
!
to the type prefix if API or client breaking changeCHANGELOG.md
make lint
andmake test
Reviewers Checklist
All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.
I have...
!
in the type prefix if API or client breaking change