From 974ecc06fc8d40a4359c35fdd05a41542e22b18b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Federico=20Kunze=20K=C3=BCllmer?= <31522760+fedekunze@users.noreply.github.com> Date: Tue, 29 Mar 2022 15:14:59 +0200 Subject: [PATCH] feat: get keyring backend (#11484) ## Description This PR introduces a getter for the keyring backend type used in the keyring config. This is useful to disable endpoints whenever the keyring `test` backend is used. This is a workaround since the SDK keyring dependency doesn't support locking accounts. See https://github.com/99designs/keyring/issues/85 for context. Attack on ethereum that affects Ethermint chain validators/nodes using `keyring_backend=test`, making their funds remotely accessible via `eth_sendTransaction` https://blog.ethereum.org/2015/08/29/security-alert-insecurely-configured-geth-can-make-funds-remotely-accessible/ --- ### Author Checklist *All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues.* I have... - [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [x] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#pr-targeting)) - [x] provided a link to the relevant issue or specification - [x] reviewed "Files changed" and left comments if necessary - [x] confirmed all CI checks have passed ### Reviewers Checklist *All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items.* I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed all author checklist items have been addressed - [ ] confirmed that this PR does not change production code (cherry picked from commit 2083bc8646f1fbdc5474b7338601a09a3369c03b)