Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: unsafe usage of unwrap in supply #1103

Merged
merged 2 commits into from
Jul 21, 2023
Merged

fix: unsafe usage of unwrap in supply #1103

merged 2 commits into from
Jul 21, 2023

Conversation

gregdhill
Copy link
Member

As reported by SRLabs:

[High] Unsafe usage of unwrap() in supply::begin_block

Summary

The conversion of total_supply to FixedPointNumber exceeds accuracy and returns None, which crashes the blockchain once unwrap() is called.

Issue details

The begin_block function from pallet supply will increase the Currency total_issuance based on the inflation rate, using deposit_creating.

Because total_supply can become too large, checked_from_integer will return None and the a panic is being raised because of the unwrap().

We tested the possibility of the crash by using the following values for the genesis of pallet supply:

supply::GenesisConfig::<Runtime> {
    initial_supply: 10_000_000,
    start_height: 100,
    inflation: UnsignedFixedPoint::checked_from_rational(2, 100).unwrap(), // 2%
}

By calling any extrinsic after 100 blocks (the value of start_height), the unwrap() call might fail, potentially causing nodes to panic.

Risk

Once the blockchain reaches the start_height block, if the inflation rate is too high, the chain will crash.

Mitigation

Review the logic of begin_block and replace the checked_from_integer function with an arithmetic safe function.

@gregdhill gregdhill force-pushed the fix/supply-unwrap branch from 1a001de to 7b995e6 Compare June 21, 2023 16:34
@gregdhill
fix: unsafe usage of unwrap in supply
a117d4d 
Signed-off-by: Gregory Hill <gregorydhill@outlook.com>
@gregdhill gregdhill force-pushed the fix/supply-unwrap branch from 7b995e6 to a117d4d Compare June 21, 2023 16:47
sander2
sander2 reviewed Jul 20, 2023
View reviewed changes
crates/supply/src/lib.rs Outdated Show resolved Hide resolved
@gregdhill
refactor: remove unnecessary fixed point conversions
8058993 
Signed-off-by: Gregory Hill <gregorydhill@outlook.com>
@sander2 sander2 merged commit f48bd4c into interlay:master Jul 21, 2023
@gregdhill gregdhill deleted the fix/supply-unwrap branch July 21, 2023 15:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sander2 sander2 sander2 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gregdhill @sander2