Cosmos-sdk: May cause mint module panic

Created on 2 Dec 2019 · 3Comments · Source: cosmos/cosmos-sdk

Summary of Bug

The parameter MintDenom can be modified through the gov module, so when initiating a parameter modification proposal, the legitimacy of the modified parameter should be checked. Otherwise, once an illegal value is submitted (referring to an illegal denom here, of course, it may be due to a mistake), and the proposal is approved, which may cause panic

Version

master

Steps to Reproduce

Submit MintDenom parameter modification proposal
Vote on the previous step's proposal

For Admin Use

[ ] Not duplicate issue
[ ] Appropriate labels applied
[ ] Appropriate contributors tagged
[ ] Contributor assigned/self-assigned

params

Source

dreamer-zq

Most helpful comment

Here should check the legality of denom https://github.com/cosmos/cosmos-sdk/blob/5be87e40cef3f58419d76b236c246d3e4032a7a3/x/mint/internal/types/params.go#L71
or add an interface method Validate(key,value []string) in ParamSet https://github.com/cosmos/cosmos-sdk/blob/5be87e40cef3f58419d76b236c246d3e4032a7a3/x/params/subspace/paramset.go#L19

dreamer-zq on 2 Dec 2019

👍2

All 3 comments

dreamer-zq on 2 Dec 2019

👍2

I recall that parameter validation is still a TODO that we need to address. cc: @alexanderbez.

fedekunze on 2 Dec 2019

👍1

dup of #3473

fedekunze on 2 Dec 2019

👍1

Was this page helpful?

0 / 5 - 0 ratings

Related issues

x/staking: A sequence of transactions causes one to delete a non-existent validator

ValarDragon · 3Comments

gaiacli keys show <multisig> should show constituent pubkeys, and weights

ValarDragon · 3Comments

Split "Breaking Changes" in Changelog

rigelrozanski · 3Comments

MsgCreateValidator.ValidateBasic does not validate commission

ValarDragon · 3Comments

Attacker can submit TX with negative Fee minting tokens

hendrikhofstadt · 3Comments