About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

x/group can halt when erroring in EndBlocker - 1612

Interchain FoundationPosted 1 Year Ago
  • A vulnerability in the Cosmos SDK group module led to a chain panic. It's well known that an error or panic in the either the begin blocker or the end blocker in Cosmos results in a chain halt.
  • From reading the patch, it appears that the only real change that was made was around error handling. If a call to k.Tally was made with an error, then an error used to be returned. If you follow this up the call chain, then this results in an error being returned to the EndBlocker call.
  • I'm unsure exactly what error could have resulted in this. If this were me, I would have saw the potential for a DoS in the EndBlocker and then looked for ways to trigger an error within the processing of a group.
  • To remediate the issue, the function doesn't return an error. Instead, it just prunes the votes, sets the status to rejected, and emits an event.

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed