Add iavl test proving forgery #583
Closed
Commits on Mar 10, 2023
-
import original iavl proof_forgery_test.go 2022-10-08
Won't compile yet. Is a test of the iavl proof forgery as exploited during BSC 2022-10-07 hack. Notes: 1. proof_forgery_test.go comes from cosmos/iavl#582 2. gist showing the same vuln at https://gist.github.com/samczsun/8635f49fac0ec66a5a61080835cae3db The test is not going to compile as is, it needs some work.
-
proof_forgery_test.go compiles, and fails the test as expected (-> vu…
…lnerable) output follows --- FAIL: TestProofForgery (0.00s) proof_forgery_test.go:69: Error Trace: /home/bob/opt/src/COINS/Cosmos/GNO/gno/pkgs/iavl/proof_forgery_test.go:69 Error: Should be empty, but was [73 209 82 89 222 179 131 99 170 27 180 58 80 20 211 (...) 94 7 254 45 183 20 244] Test: TestProofForgery Messages: roothash must be empty if both left and right are set FAIL FAIL command-line-arguments 0.003s FAIL -
Test now passes whenever gnolang#583 is applied
and fails otherwise (fails when vuln not fixed) It should now be ok for review.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.