From 8b29b5ee80e186130f325f4c5fbe7358113bac4d Mon Sep 17 00:00:00 2001 From: TAKASE Ryo Date: Mon, 3 Jul 2023 17:09:14 +0900 Subject: [PATCH] fix: fix dynamic link APIs do not panic with invalid bech32 (#57) * fix: fix wasmd command in init_single.sh * fix: do error handling for invalid address in dynamic link apis * docs: add this PR to CHANGELOG.md --- CHANGELOG.md | 1 + init_single.sh | 2 +- x/wasmplus/keeper/api.go | 12 ++++++++++-- x/wasmplus/keeper/api_test.go | 20 ++++++++++++++++++++ 4 files changed, 32 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b20a189e15..41f7a2dd91 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ * [\#36](https://github.com/Finschia/wasmd/pull/36) separate `x/wasm` into `x/wasmplus` module of dynamiclink ### Bug Fixes +* [\#57](https://github.com/Finschia/wasmd/pull/57) fix dynamic link APIs do not panic with invalid bech32 * [\#35](https://github.com/Finschia/wasmd/pull/35) stop wrap twice the response of handling non-plus wasm message in plus handler ### Breaking Changes diff --git a/init_single.sh b/init_single.sh index e2e4ec8965..624f0a7033 100755 --- a/init_single.sh +++ b/init_single.sh @@ -15,7 +15,7 @@ then mode="testnet" fi -WASMD=${WASMD:-wasmplusd} +WASMD=${WASMD:-wasmd} # initialize rm -rf ~/.wasmplusd diff --git a/x/wasmplus/keeper/api.go b/x/wasmplus/keeper/api.go index 7999ac3196..dbf6a5e4ea 100644 --- a/x/wasmplus/keeper/api.go +++ b/x/wasmplus/keeper/api.go @@ -19,7 +19,11 @@ type cosmwasmAPIGeneratorImpl struct { } func (a cosmwasmAPIImpl) callCallablePoint(contractAddrStr string, name []byte, args []byte, isReadonly bool, callstack []byte, gasLimit uint64) ([]byte, uint64, error) { - contractAddr := sdk.MustAccAddressFromBech32(contractAddrStr) + contractAddr, err := sdk.AccAddressFromBech32(contractAddrStr) + + if err != nil { + return nil, 0, fmt.Errorf("specified callee address is invalid: %s", err) + } if a.keeper.IsInactiveContract(*a.ctx, contractAddr) { return nil, 0, fmt.Errorf("called contract cannot be executed") @@ -29,7 +33,11 @@ func (a cosmwasmAPIImpl) callCallablePoint(contractAddrStr string, name []byte, } func (a cosmwasmAPIImpl) validateInterface(contractAddrStr string, expectedInterface []byte) ([]byte, uint64, error) { - contractAddr := sdk.MustAccAddressFromBech32(contractAddrStr) + contractAddr, err := sdk.AccAddressFromBech32(contractAddrStr) + + if err != nil { + return nil, 0, fmt.Errorf("specified contract address is invalid: %s", err) + } if a.keeper.IsInactiveContract(*a.ctx, contractAddr) { return nil, 0, fmt.Errorf("try to validate a contract cannot be executed") diff --git a/x/wasmplus/keeper/api_test.go b/x/wasmplus/keeper/api_test.go index ef1a44db27..1977e3607c 100644 --- a/x/wasmplus/keeper/api_test.go +++ b/x/wasmplus/keeper/api_test.go @@ -227,6 +227,18 @@ func TestCallCallablePoint(t *testing.T) { // reset inactive contracts keepers.WasmKeeper.deleteInactiveContract(ctx, contractAddr) }) + + t.Run("fail with invalid callee address", func(t *testing.T) { + argsEv := [][]byte{eventsInBin} + argsEvBin, err := json.Marshal(argsEv) + require.NoError(t, err) + name := "add_events_dyn" + nameBin, err := json.Marshal(name) + require.NoError(t, err) + invalidAddr := "invalidAddr" + _, _, err = api.CallCallablePoint(invalidAddr, nameBin, argsEvBin, false, callstackBin, gasLimit) + assert.ErrorContains(t, err, "specified callee address is invalid") + }) } func TestValidateDynamicLinkInterface(t *testing.T) { @@ -288,4 +300,12 @@ func TestValidateDynamicLinkInterface(t *testing.T) { // reset inactive contracts keepers.WasmKeeper.deleteInactiveContract(ctx, contractAddr) }) + + t.Run("fail with invalid contract address", func(t *testing.T) { + validInterface := []byte(`[{"name":"add_event_dyn","ty":{"params":["I32","I32","I32"],"results":[]}},{"name":"add_events_dyn","ty":{"params":["I32","I32"],"results":[]}},{"name":"add_attribute_dyn","ty":{"params":["I32","I32","I32"],"results":[]}},{"name":"add_attributes_dyn","ty":{"params":["I32","I32"],"results":[]}}]`) + invalidAddr := "invalidAddr" + _, _, err = api.ValidateInterface(invalidAddr, validInterface) + + assert.ErrorContains(t, err, "specified contract address is invalid") + }) }