Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: prevent signing from wrong key in multisig #1319

Merged
merged 5 commits into from
Mar 28, 2024
Merged

fix: prevent signing from wrong key in multisig #1319

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
553bcae
Add multisig check
ulbqb Mar 27, 2024
af40b98
Update CHANGELOG
ulbqb Mar 27, 2024
18693d9
Merge branch 'main' into fix/multisig
ulbqb Mar 27, 2024
8ccfbcc
Merge branch 'main' into fix/multisig
ulbqb Mar 27, 2024
f53aba1
Update CHANGELOG.md
ulbqb Mar 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ Ref: https://keepachangelog.com/en/1.0.0/
* (store) [\#1310](https://github.com/Finschia/finschia-sdk/pull/1310) fix app-hash mismatch if upgrade migration commit is interrupted(backport cosmos/cosmos-sdk#13530)
* (types) [\#1313](https://github.com/Finschia/finschia-sdk/pull/1313) fix correctly coalesce coins even with repeated denominations(backport cosmos/cosmos-sdk#13265)
* (x/crypto) [\#1316](https://github.com/Finschia/finschia-sdk/pull/1316) error if incorrect ledger public key (backport cosmos/cosmos-sdk#14460, cosmos/cosmos-sdk#19691)
* (x/auth) [#1319](https://github.com/Finschia/finschia-sdk/pull/1319) prevent signing from wrong key in multisig

### Removed

Expand Down
10 changes: 10 additions & 0 deletions x/auth/client/cli/tx_multisign.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -413,3 +413,13 @@

return multisigInfo, nil
}

func getMultisigRecord(clientCtx client.Context, name string) (keyring.Info, error) {
kb := clientCtx.Keyring
multisigRecord, err := kb.Key(name)
if err != nil {
return nil, errors.Wrap(err, "error getting keybase multisig account")

Check warning on line 421 in x/auth/client/cli/tx_multisign.go

View check run for this annotation

Codecov / codecov/patch

x/auth/client/cli/tx_multisign.go#L417-L421 

Added lines #L417 - L421 were not covered by tests
}

return multisigRecord, nil

Check warning on line 424 in x/auth/client/cli/tx_multisign.go

View check run for this annotation

Codecov / codecov/patch

x/auth/client/cli/tx_multisign.go#L424 

Added line #L424 was not covered by tests
}
31 changes: 25 additions & 6 deletions x/auth/client/cli/tx_sign.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
"github.com/Finschia/finschia-sdk/client"
"github.com/Finschia/finschia-sdk/client/flags"
"github.com/Finschia/finschia-sdk/client/tx"
sdk "github.com/Finschia/finschia-sdk/types"
kmultisig "github.com/Finschia/finschia-sdk/crypto/keys/multisig"
authclient "github.com/Finschia/finschia-sdk/x/auth/client"
)

Expand Down Expand Up @@ -258,14 +258,33 @@

overwrite, _ := f.GetBool(flagOverwrite)
if multisig != "" {
multisigAddr, err := sdk.AccAddressFromBech32(multisig)
// Bech32 decode error, maybe it's a name, we try to fetch from keyring
multisigAddr, multisigName, _, err := client.GetFromFields(txFactory.Keybase(), multisig, clientCtx.GenerateOnly)

Check warning on line 262 in x/auth/client/cli/tx_sign.go

View check run for this annotation

Codecov / codecov/patch

x/auth/client/cli/tx_sign.go#L262 

Added line #L262 was not covered by tests
if err != nil {
// Bech32 decode error, maybe it's a name, we try to fetch from keyring
multisigAddr, _, _, err = client.GetFromFields(txFactory.Keybase(), multisig, clientCtx.GenerateOnly)
if err != nil {
return fmt.Errorf("error getting account from keybase: %w", err)
return fmt.Errorf("error getting account from keybase: %w", err)

Check warning on line 264 in x/auth/client/cli/tx_sign.go

View check run for this annotation

Codecov / codecov/patch

x/auth/client/cli/tx_sign.go#L264 

Added line #L264 was not covered by tests
}
multisigkey, err := getMultisigRecord(clientCtx, multisigName)
if err != nil {
return err

Check warning on line 268 in x/auth/client/cli/tx_sign.go

View check run for this annotation

Codecov / codecov/patch

x/auth/client/cli/tx_sign.go#L266-L268 

Added lines #L266 - L268 were not covered by tests
}
multisigPubKey := multisigkey.GetPubKey()
multisigLegacyPub := multisigPubKey.(*kmultisig.LegacyAminoPubKey)

Check warning on line 271 in x/auth/client/cli/tx_sign.go

View check run for this annotation

Codecov / codecov/patch

x/auth/client/cli/tx_sign.go#L270-L271 

Added lines #L270 - L271 were not covered by tests

fromRecord, err := clientCtx.Keyring.Key(fromName)
if err != nil {
return fmt.Errorf("error getting account from keybase: %w", err)

Check warning on line 275 in x/auth/client/cli/tx_sign.go

View check run for this annotation

Codecov / codecov/patch

x/auth/client/cli/tx_sign.go#L273-L275 

Added lines #L273 - L275 were not covered by tests
}
fromPubKey := fromRecord.GetPubKey()

Check warning on line 277 in x/auth/client/cli/tx_sign.go

View check run for this annotation

Codecov / codecov/patch

x/auth/client/cli/tx_sign.go#L277 

Added line #L277 was not covered by tests

var found bool
for _, pubkey := range multisigLegacyPub.GetPubKeys() {
if pubkey.Equals(fromPubKey) {
found = true

Check warning on line 282 in x/auth/client/cli/tx_sign.go

View check run for this annotation

Codecov / codecov/patch

x/auth/client/cli/tx_sign.go#L279-L282 

Added lines #L279 - L282 were not covered by tests
}
}
if !found {
return fmt.Errorf("signing key is not a part of multisig key")

Check warning on line 286 in x/auth/client/cli/tx_sign.go

View check run for this annotation

Codecov / codecov/patch

x/auth/client/cli/tx_sign.go#L285-L286 

Added lines #L285 - L286 were not covered by tests
}
err = authclient.SignTxWithSignerAddress(
txF, clientCtx, multisigAddr, fromName, txBuilder, clientCtx.Offline, overwrite)
if err != nil {
Expand Down
18 changes: 16 additions & 2 deletions x/auth/client/testutil/suite.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,10 @@ func (s *IntegrationTestSuite) SetupSuite() {
account2, _, err := kb.NewMnemonic("newAccount2", keyring.English, sdk.FullFundraiserPath, keyring.DefaultBIP39Passphrase, hd.Secp256k1)
s.Require().NoError(err)

// Create a dummy account for testing purpose
_, _, err = kb.NewMnemonic("dummyAccount", keyring.English, sdk.FullFundraiserPath, keyring.DefaultBIP39Passphrase, hd.Secp256k1)
s.Require().NoError(err)

multi := kmultisig.NewLegacyAminoPubKey(2, []cryptotypes.PubKey{account1.GetPubKey(), account2.GetPubKey()})
_, err = kb.SaveMultisig("multi", multi)
s.Require().NoError(err)
Expand Down Expand Up @@ -789,6 +793,10 @@ func (s *IntegrationTestSuite) TestCLIMultisignSortSignatures() {
multisigInfo, err := val1.ClientCtx.Keyring.Key("multi")
s.Require().NoError(err)

// Generate dummy account which is not a part of multisig.
dummyAcc, err := val1.ClientCtx.Keyring.Key("dummyAccount")
s.Require().NoError(err)

resp, err := bankcli.QueryBalancesExec(val1.ClientCtx, multisigInfo.GetAddress())
s.Require().NoError(err)

Expand Down Expand Up @@ -841,12 +849,18 @@ func (s *IntegrationTestSuite) TestCLIMultisignSortSignatures() {

sign1File := testutil.WriteToNewTempFile(s.T(), account1Signature.String())

// Sign with account1
// Sign with account2
account2Signature, err := TxSignExec(val1.ClientCtx, account2.GetAddress(), multiGeneratedTxFile.Name(), "--multisig", multisigInfo.GetAddress().String())
s.Require().NoError(err)

sign2File := testutil.WriteToNewTempFile(s.T(), account2Signature.String())

// Sign with dummy account
dummyAddr := dummyAcc.GetAddress()
_, err = TxSignExec(val1.ClientCtx, dummyAddr, multiGeneratedTxFile.Name(), "--multisig", multisigInfo.GetAddress().String())
s.Require().Error(err)
s.Require().Contains(err.Error(), "signing key is not a part of multisig key")

multiSigWith2Signatures, err := TxMultiSignExec(val1.ClientCtx, multisigInfo.GetName(), multiGeneratedTxFile.Name(), sign1File.Name(), sign2File.Name())
s.Require().NoError(err)

Expand Down Expand Up @@ -901,7 +915,7 @@ func (s *IntegrationTestSuite) TestSignWithMultisig() {
// as the main point of this test is to test the `--multisig` flag with an address
// that is not in the keyring.
_, err = TxSignExec(val1.ClientCtx, addr1, multiGeneratedTx2File.Name(), "--multisig", multisigAddr.String())
s.Require().Contains(err.Error(), "tx intended signer does not match the given signer")
s.Require().Contains(err.Error(), "error getting account from keybase")
}

func (s *IntegrationTestSuite) TestCLIMultisign() {
Expand Down
Loading