Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Validation of ConsensusParams update doesn't follow CometBFT spec #20313

Closed
1 task done
sergio-mena opened this issue May 8, 2024 · 2 comments · Fixed by #20347
Closed
1 task done

[Bug]: Validation of ConsensusParams update doesn't follow CometBFT spec #20313

sergio-mena opened this issue May 8, 2024 · 2 comments · Fixed by #20347
Labels
T:Bug

Comments

@sergio-mena
Copy link
Contributor

Is there an existing issue for this?

  • I have searched the existing issues

What happened?

The ConsensusParams validator carried out by consensusParamsKeeper.UpdateParams is stateless. Therefore a malformed (or malicious) proposal may introduce ill-formed ConsensusParams in the module's store.

Cosmos SDK Version

0.50

How to reproduce?

  • Set up an example chain with simapp, with just one validator
  • Edit the genesis file to reduce gov's expedited_voting_period to 1 minute
  • Start the node (the validator)
  • Prepare a gov proposal with the following message:
{
  "@type": "/cosmos.consensus.v1.MsgUpdateParams",
  ...  
  "abci": {
    "vote_extensions_enable_height": 1
  }
}
  • Make sure that the json has sensible values for all other fields of message cosmos.consensus.v1.MsgUpdateParams
  • Submit the proposal and vote "yes"
  • When the proposal passed, the chain will halt, as we are setting the Vote Extension enable height to a past heigh

These repro steps are the simplest, there are other cases when the ConsensusParams in the module's store are incorrect/incomplete.
@sergio-mena sergio-mena mentioned this issue May 8, 2024
Closed
12 tasks
@sergio-mena
Copy link
Contributor Author

Take a look at the proposed fix in #20314

@sergio-mena sergio-mena mentioned this issue May 10, 2024
Merged
12 tasks
@sergio-mena
Copy link
Contributor Author

sergio-mena commented May 10, 2024
edited

And (extended) version for main: #20347

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
T:Bug
Projects
Cosmos-SDK
Status: 🥳 Done
Milestone
No milestone
1 participant
@sergio-mena