From 1ae7f1364e36affa16c5a7e890611014f3c9c443 Mon Sep 17 00:00:00 2001
From: yutianwu <wzxingbupt@gmail.com>
Date: Thu, 16 Mar 2023 10:47:18 +0800
Subject: [PATCH 1/2] sec: implement security enhancements (#328)

---
 store/statesync_helper.go | 9 +++++++++
 types/store.go            | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/store/statesync_helper.go b/store/statesync_helper.go
index d2284df18..c9ded5f0a 100644
--- a/store/statesync_helper.go
+++ b/store/statesync_helper.go
@@ -181,6 +181,10 @@ func (helper *StateSyncHelper) WriteRecoveryChunk(hash abci.SHA256Sum, chunk *ab
 	if chunk != nil {
 		numOfNodes := len(chunk.Nodes)
 		nodes := make([]*iavl.Node, 0, numOfNodes)
+		
+		if numOfNodes == 0 {
+			return fmt.Errorf("length of nodes is 0")
+		}
 
 		helper.logger.Info("start write recovery chunk", "isComplete", isComplete, "hash", fmt.Sprintf("%x", hash), "startIdx", chunk.StartIdx, "numOfNodes", numOfNodes, "chunkCompletion", chunk.Completeness)
 
@@ -200,6 +204,7 @@ func (helper *StateSyncHelper) WriteRecoveryChunk(hash abci.SHA256Sum, chunk *ab
 					return err
 				}
 			}
+
 			nodeIdx := chunk.StartIdx + int64(numOfNodes-1)
 			helper.incompleteChunks[nodeIdx] = append(helper.incompleteChunks[nodeIdx],
 				incompleteChunkItem{
@@ -277,6 +282,10 @@ func (helper *StateSyncHelper) saveIncompleteChunks() error {
 		// sort and check chunkItems are valid
 		sort.Sort(&chunkItemSorter{chunkItems})
 
+		if len(chunkItems) == 0 {
+			return fmt.Errorf("length of chunks is 0")
+		}
+
 		expectedNodeParts := chunkItems[len(chunkItems)-1].chunkIdx - chunkItems[0].chunkIdx + 1
 		if expectedNodeParts != len(chunkItems) {
 			return fmt.Errorf("node parts are not complete, should be %d, but have %d, nodeIdx: %d", expectedNodeParts, len(chunkItems), nodeIdx)
diff --git a/types/store.go b/types/store.go
index 90b70f787..692b854d3 100644
--- a/types/store.go
+++ b/types/store.go
@@ -287,7 +287,7 @@ func (key *KVStoreKey) String() string {
 // range query for all []byte with a certain prefix
 // Deals with last byte of prefix being FF without overflowing
 func PrefixEndBytes(prefix []byte) []byte {
-	if prefix == nil {
+	if len(prefix) == 0 {
 		return nil
 	}
 

From 69fd24339d8ada91bc5dc3973b541c67a8a12a78 Mon Sep 17 00:00:00 2001
From: zjubfd <296179868@qq.com>
Date: Mon, 20 Mar 2023 10:57:16 +0800
Subject: [PATCH 2/2] docs: add the changelog for v0.26.0 (#329)

---
 CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ec1e24d42..af1f66f18 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Changelog
 
+##v0.26.0
+* [sec] [\#328](https://github.com/bnb-chain/bnc-cosmos-sdk/pull/328) sec: implement security enhancements (#328)
+
 ##v0.25.9
 
 * [sdk] [\#300](https://github.com/bnb-chain/bnc-cosmos-sdk/pull/300) feats: add ics23 proof support