Cosmos-sdk: Update IBC messages to validate Signer string

Created on 28 Oct 2020 · 7Comments · Source: cosmos/cosmos-sdk

Summary

While auditing IBC we noticed that the signer in a message is validated using:

 if msg.Signer == "" {
        return sdkerrors.Wrap(sdkerrors.ErrInvalidAddress, "signer address cannot be empty")
    }

Should this be?

 if strings.TrimSpace(msg.Signer) == "" {
        return sdkerrors.Wrap(sdkerrors.ErrInvalidAddress, "signer address cannot be empty")
    }

I assume this would need to be changed for all SDK messages, but I have not checked.

For Admin Use

[ ] Not duplicate issue
[ ] Appropriate labels applied
[ ] Appropriate contributors tagged
[ ] Contributor assigned/self-assigned

good first issue ibc

Source

colin-axner

All 7 comments

Feel free to close if this is a not an issue

cc/ @anilCSE @amaurymartiny @blushi @atheeshp

colin-axner on 28 Oct 2020

Basic validation is now using AccAddressFromBech32 directly to validate account address (https://github.com/cosmos/cosmos-sdk/blob/master/types/address.go#L126-L128, https://github.com/cosmos/cosmos-sdk/blob/master/types/address.go#L137). So may be we should update all IBC signer validations with something like:

_, err := sdk.AccAddressFromBech32(msg.Signer)
if err != nil {
    return err
}

anilCSE on 28 Oct 2020

👍1

@anilCSE sounds good, thanks for the reply. Will update the issue

colin-axner on 29 Oct 2020

not sure if the proposed solution applies to ibc transfers though? as the sender could be from a chain with a different prefix. This is why we changed the address to string in that package in the first place. cc: @cwgoes

fedekunze on 2 Nov 2020

We should not validate the address in a way which will fail if the account prefix is different, that is intentional. I think checking that the address isn't an empty string is fine, but we probably shouldn't validate any more since connected chains may use totally different formats (e.g. they may not even be using the Cosmos SDK).