Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(sequencers): incorrect sorting mechanism allows manipulation of proposer selection #1292

Merged
merged 4 commits into from
Oct 11, 2024
Merged

fix(sequencers): incorrect sorting mechanism allows manipulation of proposer selection #1292

merged 4 commits into from
Oct 11, 2024

Conversation

mtsitrin
Copy link
Contributor

@mtsitrin mtsitrin commented Oct 7, 2024

Description

Closes #1291

This PR does the following:

  • better enforcement of single denom for sequencer bond
  • requires MinBond param to be > 0 (instead >= 0 currently)

@mtsitrin mtsitrin requested a review from a team as a code owner October 7, 2024 16:46
@mtsitrin mtsitrin linked an issue Oct 7, 2024 that may be closed by this pull request
Incorrect sorting mechanism allows manipulation of proposer selection #1291
Closed
omritoptix
omritoptix requested changes Oct 10, 2024
View reviewed changes
x/sequencer/keeper/msg_server_create_sequencer.go
}
// validate bond requirement
minBond := k.GetParams(ctx).MinBond
if !msg.Bond.IsGTE(minBond) {
Copy link
Contributor

@omritoptix omritoptix Oct 10, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see we removed the check if the bond denom is the same as the minBond denom. in that case where do we enforce someone doesn't bond other token denom vs the bond denom defined?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's checked in IsGTE

// IsGTE returns true if they are the same type and the receiver is
// an equal or greater value

x/sequencer/keeper/msg_server_create_sequencer_test.go
@@ -55,45 +49,63 @@ func (suite *SequencerTestSuite) TestMinBond() {
bond: sdk.NewCoin(bond.Denom, bond.Amount.Quo(sdk.NewInt(2))),
expectedError: types.ErrInsufficientBond,
},
{
name: "wrong bond denom",
Copy link
Contributor

@omritoptix omritoptix Oct 10, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also this test seems to test the wrong thing - i.e fail on invalid coin denom vs valid but not what we expected (i.e wrong denom).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

changed the test a bit

@omritoptix omritoptix merged commit c8b8406 into main Oct 11, 2024
8 checks passed
@omritoptix omritoptix deleted the mtsitrin/1291-incorrect-sorting-mechanism-allows-manipulation-of-proposer-selection branch October 11, 2024 13:08
@mtsitrin mtsitrin mentioned this pull request Oct 20, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@omritoptix omritoptix omritoptix approved these changes

Assignees
No one assigned
Labels
dym-internal
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Incorrect sorting mechanism allows manipulation of proposer selection
2 participants
@mtsitrin @omritoptix