items from first channel upgrades security audit session #5664
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
crodriguezvega
requested review from
colin-axner,
AdityaSripal and
damiannolan
as code owners
crodriguezvega
changed the title
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## main #5664 +/- ##
=======================================
Coverage 81.16% 81.17%
=======================================
Files 199 199
Lines 15278 15286 +8
=======================================
+ Hits 12401 12409 +8
Misses 2408 2408
Partials 469 469
|
|
sgtm, would prefer PRs since its an easier workflow to not make mistakes in but lets give this a shot. Would be nice to sync up via slack when people plan to push so we don't end up with weird conflicts. also no force pushing! |
Do not create a new errChanUpgradeFailed for logging/returning, it obfuscates the logic and does not yield much benefit.
Wrap the error before returning as is done in ChannelUpgradeInit.
…voked _before_ core state is written.
…, add fmt.Errorf wrap test case.
DimitrisJim
reviewed
Jan 19, 2024
Move log into the if to only log if channel state actually changes. Could be moved outside for both cases but might then be logging when channel state doesn't change.
DimitrisJim
requested review from
charleenfei,
chatton and
srdtrk
as code owners
|
I see we've done all things from the list so opening this up for review/e2e run. Feel free to make draft if I missed something. |
crodriguezvega
commented
Jan 19, 2024
There was a problem hiding this comment.
Changes look great to me, pending the decision on the order of calling the callback. Great work @DimitrisJim and @charleenfei completing all the audit issues in less than 24 hours! 🦾
colin-axner
reviewed
Jan 22, 2024
chatton
reviewed
Jan 22, 2024
Comment on lines
+125
to
+134
| for { | ||
| _, ok := err.(*UpgradeError) | ||
| if ok { | ||
| return true | ||
| } | ||
|
|
||
| if err = errors.Unwrap(err); err == nil { | ||
| return false | ||
| } | ||
| } |
There was a problem hiding this comment.
the presence of this function, means we can actually update the Unwrap fn of the UpgradeError type, I believe it can just be
// Unwrap returns the base error that caused the upgrade to fail.
func (u *UpgradeError) Unwrap() error {
return errors.Unwrap(u.err)
}And the corresponding test can be updated to
// TestUpgradeErrorUnwrap tests that the underlying error is not modified when Unwrap is called.
func (suite *TypesTestSuite) TestUpgradeErrorUnwrap() {
baseUnderlyingError := errorsmod.Wrap(types.ErrInvalidChannel, "base error")
wrappedErr := errorsmod.Wrap(baseUnderlyingError, "wrapped error")
upgradeError := types.NewUpgradeError(1, wrappedErr)
originalUpgradeError := upgradeError.Error()
unWrapped := errors.Unwrap(upgradeError)
postUnwrapUpgradeError := upgradeError.Error()
suite.Require().Equal(baseUnderlyingError, unWrapped, "unwrapped error was not equal to base underlying error")
suite.Require().Equal(originalUpgradeError, postUnwrapUpgradeError, "original error was modified when unwrapped")
}I think I like this better since it becomes more of a direct passthrough.
There was a problem hiding this comment.
this would return nil on unwrapping a simple wrapped err no? UpgradeError { err: types.ErrInvalidChannel } would call errors.Unwrap(types.ErrInvalidChannel) which returns nil yea?
There was a problem hiding this comment.
Yeah, nil is returned if err is just a single unwrapped error in that case
|
I can take care of addressing review(s) |
Co-authored-by: Cian Hatton <cian@interchain.io>
- Prefer using SetChannelState over look-up channel, modify, set. - Add deeply test case with error wrapped multiple times.
colin-axner
reviewed
Jan 22, 2024
| channel.State = types.FLUSHCOMPLETE | ||
| k.SetChannel(ctx, portID, channelID, channel) | ||
| k.Logger(ctx).Info("channel state updated", "port-id", portID, "channel-id", channelID, "previous-state", previousState, "new-state", channel.State) |
There was a problem hiding this comment.
Hmm, I guess the reason we had to the logger at the bottom is that startFlushing might move the channel state from OPEN to FLUSHING, but, the previous channel state also could have been FLUSHING. A bit of a rock and a hard place
colin-axner
reviewed
Jan 22, 2024
Co-authored-by: colin axnér <25233464+colin-axner@users.noreply.github.com>
colin-axner
approved these changes
Jan 22, 2024
There was a problem hiding this comment.
Thanks everyone pushing commits! Big thanks to @DimitrisJim for following up on review comments!
damiannolan
approved these changes
Jan 23, 2024
Comment on lines
+125
to
+134
| for { | ||
| _, ok := err.(*UpgradeError) | ||
| if ok { | ||
| return true | ||
| } | ||
|
|
||
| if err = errors.Unwrap(err); err == nil { | ||
| return false | ||
| } | ||
| } |
There was a problem hiding this comment.
Yeah, nil is returned if err is just a single unwrapped error in that case
mergify bot
pushed a commit
that referenced
this pull request
Jan 23, 2024
* some items from the security audit * update tests for cancelling when channel is in FLUSHCOMPLETE * remove duplicate test * nit: Move wrapping of returned error to direct return statement. Do not create a new errChanUpgradeFailed for logging/returning, it obfuscates the logic and does not yield much benefit. * nit: consistency in err return cbs.OnChanUpgradeTry Wrap the error before returning as is done in ChannelUpgradeInit. * add comment * nit: Call application callbacks before performing any state change operations. * chore: Add documentation indicating to app devs that callbacks are invoked _before_ core state is written. * upgrade error * nit: Add note on handling wrapped error in IsUpgradeError docu string, add fmt.Errorf wrap test case. * Update modules/core/04-channel/types/upgrade_test.go * chore: Use consistent logging in writeUpgradeAck + writeUpgradeConfirm Move log into the if to only log if channel state actually changes. Could be moved outside for both cases but might then be logging when channel state doesn't change. * Apply suggestions from code review Co-authored-by: Cian Hatton <cian@interchain.io> * nit: review comments from Cian. - Prefer using SetChannelState over look-up channel, modify, set. - Add deeply test case with error wrapped multiple times. * nit: Address Colin's comment * nit: just linter thangs. * Apply suggestions from code review Co-authored-by: colin axnér <25233464+colin-axner@users.noreply.github.com> * nit: Fix linter flatten if else. --------- Co-authored-by: DimitrisJim <d.f.hilliard@gmail.com> Co-authored-by: Charly <charly@interchain.berlin> Co-authored-by: Charly <charly@interchain.io> Co-authored-by: Cian Hatton <cian@interchain.io> Co-authored-by: colin axnér <25233464+colin-axner@users.noreply.github.com> (cherry picked from commit 41501a2) # Conflicts: # docs/docs/01-ibc/06-channel-upgrades.md
damiannolan
pushed a commit
that referenced
this pull request
Jan 23, 2024
) (#5688) * items from first channel upgrades security audit session (#5664) * some items from the security audit * update tests for cancelling when channel is in FLUSHCOMPLETE * remove duplicate test * nit: Move wrapping of returned error to direct return statement. Do not create a new errChanUpgradeFailed for logging/returning, it obfuscates the logic and does not yield much benefit. * nit: consistency in err return cbs.OnChanUpgradeTry Wrap the error before returning as is done in ChannelUpgradeInit. * add comment * nit: Call application callbacks before performing any state change operations. * chore: Add documentation indicating to app devs that callbacks are invoked _before_ core state is written. * upgrade error * nit: Add note on handling wrapped error in IsUpgradeError docu string, add fmt.Errorf wrap test case. * Update modules/core/04-channel/types/upgrade_test.go * chore: Use consistent logging in writeUpgradeAck + writeUpgradeConfirm Move log into the if to only log if channel state actually changes. Could be moved outside for both cases but might then be logging when channel state doesn't change. * Apply suggestions from code review Co-authored-by: Cian Hatton <cian@interchain.io> * nit: review comments from Cian. - Prefer using SetChannelState over look-up channel, modify, set. - Add deeply test case with error wrapped multiple times. * nit: Address Colin's comment * nit: just linter thangs. * Apply suggestions from code review Co-authored-by: colin axnér <25233464+colin-axner@users.noreply.github.com> * nit: Fix linter flatten if else. --------- Co-authored-by: DimitrisJim <d.f.hilliard@gmail.com> Co-authored-by: Charly <charly@interchain.berlin> Co-authored-by: Charly <charly@interchain.io> Co-authored-by: Cian Hatton <cian@interchain.io> Co-authored-by: colin axnér <25233464+colin-axner@users.noreply.github.com> (cherry picked from commit 41501a2) # Conflicts: # docs/docs/01-ibc/06-channel-upgrades.md * nit: rm docs. --------- Co-authored-by: Carlos Rodriguez <carlos@interchain.io> Co-authored-by: DimitrisJim <d.f.hilliard@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
I have created this branch where we can tackle the issues from the audit. @DimitrisJim @charleenfei please pick any items from the list and push to this branch, I thought doing it like this would be easier and faster than opening individual issues (and then we only need to backport one PR). I think the issues are small enough that should be easy to review all of them in one PR.
closes: #XXXX
Commit Message / Changelog Entry
see the guidelines for commit messages. (view raw markdown for examples)
Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.
docs/) or specification (x/<module>/spec/).godoccomments.Files changedin the Github PR explorer.Codecov Reportin the comment section below once CI passes.