Skip to content
This repository has been archived by the owner on Apr 4, 2024. It is now read-only.

chore(docs): update SECURITY.md #1410

Merged
merged 5 commits into from
Oct 29, 2022
Merged

chore(docs): update SECURITY.md #1410

merged 5 commits into from
Oct 29, 2022

Conversation

fedekunze
Copy link
Contributor

Closes: #XXX

Description


For contributor use:

  • Targeted PR against correct branch (see CONTRIBUTING.md)
  • Linked to Github issue with discussion and accepted design OR link to spec that describes this work.
  • Code follows the module structure standards.
  • Wrote unit and integration tests
  • Updated relevant documentation (docs/) or specification (x/<module>/spec/)
  • Added relevant godoc comments.
  • Added a relevant changelog entry to the Unreleased section in CHANGELOG.md
  • Re-reviewed Files changed in the Github PR explorer

For admin use:

  • Added appropriate labels to PR (ex. WIP, R4R, docs, etc)
  • Reviewers assigned
  • Squashed all commits, uses message "Merge pull request #XYZ: [title]" (coding standards)

SECURITY.md Outdated Show resolved Hide resolved
Co-authored-by: Daniel Burckhardt <daniel.m.burckhardt@gmail.com>
@fedekunze fedekunze marked this pull request as ready for review October 28, 2022 10:52
@fedekunze fedekunze requested a review from a team as a code owner October 28, 2022 10:52
@fedekunze fedekunze requested review from 4rgon4ut and adisaran64 and removed request for a team October 28, 2022 10:52
Copy link
Contributor

@GAtom22 GAtom22 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! Left a couple of comments

SECURITY.md Show resolved Hide resolved
SECURITY.md Outdated Show resolved Hide resolved
SECURITY.md Show resolved Hide resolved
fedekunze and others added 2 commits October 29, 2022 10:05
Co-authored-by: Tomas Guerra <54514587+GAtom22@users.noreply.github.com>
@fedekunze fedekunze merged commit e9d9856 into main Oct 29, 2022
@fedekunze fedekunze deleted the fedekunze/update-security branch October 29, 2022 08:10
fedekunze added a commit that referenced this pull request Nov 18, 2022
* build(deps): bump github.com/onsi/gomega from 1.22.1 to 1.23.0 (#1406)

* build(deps): bump github.com/onsi/gomega from 1.22.1 to 1.23.0

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.22.1 to 1.23.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.22.1...v1.23.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update gomod2nix

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Freddy Caceres <facs95@gmail.com>
Co-authored-by: Daniel Burckhardt <daniel.m.burckhardt@gmail.com>

* build(deps): bump github.com/cosmos/ibc-go/v5 from 5.0.0 to 5.0.1 (#1412)

Bumps [github.com/cosmos/ibc-go/v5](https://github.com/cosmos/ibc-go) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/cosmos/ibc-go/releases)
- [Changelog](https://github.com/cosmos/ibc-go/blob/v5.0.1/CHANGELOG.md)
- [Commits](cosmos/ibc-go@v5.0.0...v5.0.1)

---
updated-dependencies:
- dependency-name: github.com/cosmos/ibc-go/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump cachix/cachix-action from 11 to 12 (#1411)

* build(deps): bump cachix/cachix-action from 11 to 12

Bumps [cachix/cachix-action](https://github.com/cachix/cachix-action) from 11 to 12.
- [Release notes](https://github.com/cachix/cachix-action/releases)
- [Commits](cachix/cachix-action@v11...v12)

---
updated-dependencies:
- dependency-name: cachix/cachix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update gomod2nix

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Freddy Caceres <facs95@gmail.com>

* chore(docs): update SECURITY.md (#1410)

* chore(docs): update SECURITY.md

* Update SECURITY.md

Co-authored-by: Daniel Burckhardt <daniel.m.burckhardt@gmail.com>

* Update SECURITY.md

Co-authored-by: Tomas Guerra <54514587+GAtom22@users.noreply.github.com>

Co-authored-by: Daniel Burckhardt <daniel.m.burckhardt@gmail.com>
Co-authored-by: Tomas Guerra <54514587+GAtom22@users.noreply.github.com>

* deps: bump go to v1.19 (#1416)

* deps: bump go to v1.19

* deps: add dragonberry patch repalce in go.mod

* deps: add ival bump to v0.19.4

* deps: remove unrelated version bumps to adress in differnet PR

* go mod tidy

* add changelog

* fix typo in changelog

* chore(cli): apply google CLI Syntax for required and optional args (#1417)

* chore(cli): apply google CLI Syntax for required and optional args

* chore(cli): add changes in CHANGELOG

* chore(cli): fix link to PR in CHANGELOG

* chore(cli): fix args in feemarket

* chore(cli): update docs based on comments

* chore(ci): update linters (#1418)

* chore(ci): update linters

* skip md link

* backport: add v0.19.3 dragonberry changes to `main` and bump iavl to v0.19.4 (#1419)

* backport: v0.19.3 dragonberry changes and iavl bump

* add v0.19.3 changelog

* update gomod2nix

* fix linter

* use latest for golangci github workflow

Co-authored-by: Freddy Caceres <facs95@gmail.com>

* deps(sdk): bump to v0.46.4 (#1423)

* deps(sdk): bump to v0.46.4

* deps(sdk): add IAVLDisableFastNode flag with false default

* imp: reduce integration test block time to 2s (#1428)

* build(deps): bump github.com/onsi/gomega from 1.23.0 to 1.24.0 (#1429)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.23.0 to 1.24.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.23.0...v1.24.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix(rpc): different result from `eth_getProof` comparing with Ethereum (#1431)

* align with eth_getProof

for more info, see https://eips.ethereum.org/EIPS/eip-1186

* add GetHexProofs

* add change doc

* keep default res

* fix lint

* add e2e test

* Apply suggestions from code review

* fix lint

* nix run -f ./nix gomod2nix

* Refactor EIP-712 signature verification (#1397)

* [WIP] EIP-712 Signature Refactor

* Debug and add ante tests

* Add tests for failure cases

* Add changelog entry

* Code cleanup

* Add tests for MsgDelegate and MsgWithdrawDelegationReward

* Update ethereum/eip712/encoding.go

Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>

* Update ethereum/eip712/encoding.go

Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>

* Update ethereum/eip712/encoding.go

Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>

* Update ethereum/eip712/encoding.go

Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>

* Update ethereum/eip712/encoding.go

Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>

* Update ethereum/eip712/encoding.go

Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>

* Code cleanup

* Update ethereum/eip712/encoding.go

Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>

* Minor codefix

* Update ethereum/eip712/encoding.go

* Minor code revision updates

* Refactor EIP712 unit tests to use test suite

* Address import cycle and implement minor refactors

* Fix lint issues

* Add EIP712 unit suite test function

* Update ethereum/eip712/encoding.go

Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>

* Update ethereum/eip712/encoding.go

Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>

* Update ethereum/eip712/encoding.go

Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>

* Add minor refactors; increase test coverage

* Correct ante_test for change in payload

* Add single-signer util and tests

* Update ethereum/eip712/encoding.go

* Update ethereum/eip712/encoding.go

* fix build

Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>
Co-authored-by: Freddy Caceres <facs95@gmail.com>

* fix: build test on mac by updating to python3.10 (#1437)

* build(deps): bump loader-utils from 1.4.0 to 1.4.1 in /tests/solidity (#1445)

Bumps [loader-utils](https://github.com/webpack/loader-utils) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.1/CHANGELOG.md)
- [Commits](webpack/loader-utils@v1.4.0...v1.4.1)

---
updated-dependencies:
- dependency-name: loader-utils
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* imp(evm): improve performance of EstimateGas (#1444)

* imp(evm): improve performance of EstimateGas

* changelog

* fix(rpc): decode `finalized` block number (#1442)

* fix(rpc): decode 'finalized' block number

* changelog

Co-authored-by: Freddy Caceres <facs95@gmail.com>

* build(deps): bump github.com/onsi/gomega from 1.24.0 to 1.24.1 (#1449)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.24.0 to 1.24.1.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.24.0...v1.24.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 (#1439)

Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](spf13/viper@v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: 4rgon4ut <59182467+4rgon4ut@users.noreply.github.com>
Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>

* fix: unstable tx_priority test (#1440)

* fix unstable tx_priority test

* Update tests/integration_tests/test_priority.py

Co-authored-by: yihuang <huang@crypto.com>

* Update tests/integration_tests/test_priority.py

Co-authored-by: yihuang <huang@crypto.com>

Co-authored-by: yihuang <huang@crypto.com>
Co-authored-by: Adi Saravanan <59209660+adisaran64@users.noreply.github.com>
Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>

* build(deps): bump github.com/cosmos/ibc-go/v5 from 5.0.1 to 5.1.0 (#1450)

Bumps [github.com/cosmos/ibc-go/v5](https://github.com/cosmos/ibc-go) from 5.0.1 to 5.1.0.
- [Release notes](https://github.com/cosmos/ibc-go/releases)
- [Changelog](https://github.com/cosmos/ibc-go/blob/v5.1.0/CHANGELOG.md)
- [Commits](cosmos/ibc-go@v5.0.1...v5.1.0)

---
updated-dependencies:
- dependency-name: github.com/cosmos/ibc-go/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 (#1454)

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](golangci/golangci-lint-action@v3.3.0...v3.3.1)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* refactor(all): refactor errors import to use cosmossdk.io (#1456)

* refactor (errors) refactor errors import to use cosmossdk.io instead of cosmos-sdk/types/errors

* refactor (errors) refactor errors import in ethsecp256k1 file

* refactor (errors) add changes to changelog

* build(deps): bump alpine from 3.16.2 to 3.16.3 (#1453)

Bumps alpine from 3.16.2 to 3.16.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Empty KV gas config (#1460)

* update sdk version

* setup empty gas config

* fix lint

* fix integration tests

* add Ante unit test

* update changelog

* test: remove unused integration tests (#1462)

* fix: remove e2e github action (#1463)

* remove unused tests

* imp: remove e2e github action

* build(deps): bump loader-utils from 1.4.1 to 1.4.2 in /tests/solidity (#1464)

Bumps [loader-utils](https://github.com/webpack/loader-utils) from 1.4.1 to 1.4.2.
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md)
- [Commits](webpack/loader-utils@v1.4.1...v1.4.2)

---
updated-dependencies:
- dependency-name: loader-utils
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore (deps): Update geth version to v1.10.25 (#1413)

* build(deps): bump github.com/ethereum/go-ethereum

Bumps [github.com/ethereum/go-ethereum](https://github.com/ethereum/go-ethereum) from 1.10.19 to 1.10.25.
- [Release notes](https://github.com/ethereum/go-ethereum/releases)
- [Commits](ethereum/go-ethereum@v1.10.19...v1.10.25)

---
updated-dependencies:
- dependency-name: github.com/ethereum/go-ethereum
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* wip geth update

* fix geth init flag order

* add chainId to getTransaction. fix types comparison. update expected values on tests

* wip add tracer config

* tracers test

* update tests

* update to v1.10.25

* fix linter python

* ignore error

* fix lint

* additional changes from diff

* fix issues

* solve lint issues

* fix tests

* fix flake

* wrap types comparison in integration tests

* fix integration tests

* fix flake

* update changelog

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>
Co-authored-by: Freddy Caceres <facs95@gmail.com>

* Add EIP-712 encoding support type for any array (#1430)

* Add EIP-712 encoding support type for any array

* Refactor implementation + add tests

* Refactor unpacking implementation; refactor test case

* Fix lint issue

* Add MsgExec test case

* Update comment for clarity

* Add changelog entry

* Refactor `sdkerrors` to `errorsmod`

Co-authored-by: Freddy Caceres <facs95@gmail.com>

* fix: extend geth config on integration tests (#1467)

* changing git config and adding tests

* removing print statements

* remove unneccessary imports

* fix flake

* remove geth setup test

Co-authored-by: Freddy Caceres <facs95@gmail.com>

* tests: Add unit tests for rpc client endpoints (#1409)

* test: add preliminary unit tests and additional mocks for chain_info, account_info and filters

* tests: added additional mocked client calls

* tests: bumped coverage of call_tx to 56% and chain_info to 77%

* tests: bumped call_tx coverage to 70.2% and added additional mock client calls

* tests: tx_info preliminary tests added for debugging.

* tests: added test coverage for sign_tx and additional mocks

* tests: tx_info test coverage bumped to 60.3%

* test: coverage for tracing_tests now at 72%

* tests: added fee makert query client mocks and bumped chain_info to 87.6% coverage.

* tests: failing Cosmos auth module account query.

* tests: added FeeMarket Params mock to call_tx_test

* cleanup some unused code

* tests: added helper function to test suite for signing a Tx and bumped coverage of tx_info to 71.2%

* test: commented GetAccount error case and bumped chain_info to 90.3% coverage

* test: cleanup of tests in node_info, sign_tx and account_info

* Clean up print

Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>

* Apply suggestions from code review

* fix import issues

Co-authored-by: Vladislav Varadinov <vlad@evmos.org>
Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>
Co-authored-by: Freddy Caceres <facs95@gmail.com>

* Refactor to omit empty optionals from EIP-712 type generation (#1459)

* Refactor to omit empty values from type creation; add test for v1.vote

* Add test for createValidator with optional fields left blank

* Add changelog entry

* Update changelog entry

Co-authored-by: Freddy Caceres <facs95@gmail.com>

* fix: protogen scripts were not correctly implemented (#1466)

* Delete local copy of third party proto files

* Update protocgen script and buf yaml files to mirror cosmos-sdk

* Update makefile commands for proto-gen and proto-swagger-gen to correctly use docker

* Commit changed .pb.go files after updating the protogen scripts

* Adjust grep in proto-tools-installer script to look for correct gogoproto replacement

* address reviews - remove unnecessary ignore in buf.yaml and cosmos-sdk download in the protocgen script

* remove proto-update-deps from makefile as we don't store local copies of third party protofiles anymore

* Add changelog entry

* Update protoc-swagger-gen.sh

* Remove third party queries from swagger-ui config (for now)

* fix integrations tests

* fix dead changelog links (markdown-link-check)

Co-authored-by: Freddy Caceres <facs95@gmail.com>
Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>

* chore (deps): Update geth version to v1.10.26

* chore (deps): Add changes in changelog file

* chore (deps): Add more detail in changelog file

* chore (deps): Update nix dependencies for integration tests

* chore (deps): Update geth nix file

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Freddy Caceres <facs95@gmail.com>
Co-authored-by: Daniel Burckhardt <daniel.m.burckhardt@gmail.com>
Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>
Co-authored-by: mmsqe <mavis@crypto.com>
Co-authored-by: Austin Chandra <austinchandra@berkeley.edu>
Co-authored-by: 4rgon4ut <59182467+4rgon4ut@users.noreply.github.com>
Co-authored-by: yihuang <huang@crypto.com>
Co-authored-by: Adi Saravanan <59209660+adisaran64@users.noreply.github.com>
Co-authored-by: Ramiro Carlucho <ramirocarlucho@gmail.com>
Co-authored-by: Vladislav Varadinov <vladislav.varadinov@gmail.com>
Co-authored-by: Vladislav Varadinov <vlad@evmos.org>
Co-authored-by: MalteHerrmann <42640438+MalteHerrmann@users.noreply.github.com>
@danburck danburck mentioned this pull request Nov 30, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants