-
Notifications
You must be signed in to change notification settings - Fork 579
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
items from first channel upgrades security audit session #5664
Conversation
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## main #5664 +/- ##
=======================================
Coverage 81.16% 81.17%
=======================================
Files 199 199
Lines 15278 15286 +8
=======================================
+ Hits 12401 12409 +8
Misses 2408 2408
Partials 469 469
|
sgtm, would prefer PRs since its an easier workflow to not make mistakes in but lets give this a shot. Would be nice to sync up via slack when people plan to push so we don't end up with weird conflicts. also no force pushing! |
Do not create a new errChanUpgradeFailed for logging/returning, it obfuscates the logic and does not yield much benefit.
Wrap the error before returning as is done in ChannelUpgradeInit.
…voked _before_ core state is written.
…, add fmt.Errorf wrap test case.
Move log into the if to only log if channel state actually changes. Could be moved outside for both cases but might then be logging when channel state doesn't change.
I see we've done all things from the list so opening this up for review/e2e run. Feel free to make draft if I missed something. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes look great to me, pending the decision on the order of calling the callback. Great work @DimitrisJim and @charleenfei completing all the audit issues in less than 24 hours! 🦾
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great thank you! I left a couple of small suggestions
for { | ||
_, ok := err.(*UpgradeError) | ||
if ok { | ||
return true | ||
} | ||
|
||
if err = errors.Unwrap(err); err == nil { | ||
return false | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the presence of this function, means we can actually update the Unwrap
fn of the UpgradeError
type, I believe it can just be
// Unwrap returns the base error that caused the upgrade to fail.
func (u *UpgradeError) Unwrap() error {
return errors.Unwrap(u.err)
}
And the corresponding test can be updated to
// TestUpgradeErrorUnwrap tests that the underlying error is not modified when Unwrap is called.
func (suite *TypesTestSuite) TestUpgradeErrorUnwrap() {
baseUnderlyingError := errorsmod.Wrap(types.ErrInvalidChannel, "base error")
wrappedErr := errorsmod.Wrap(baseUnderlyingError, "wrapped error")
upgradeError := types.NewUpgradeError(1, wrappedErr)
originalUpgradeError := upgradeError.Error()
unWrapped := errors.Unwrap(upgradeError)
postUnwrapUpgradeError := upgradeError.Error()
suite.Require().Equal(baseUnderlyingError, unWrapped, "unwrapped error was not equal to base underlying error")
suite.Require().Equal(originalUpgradeError, postUnwrapUpgradeError, "original error was modified when unwrapped")
}
I think I like this better since it becomes more of a direct passthrough.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this would return nil
on unwrapping a simple wrapped err no? UpgradeError { err: types.ErrInvalidChannel }
would call errors.Unwrap(types.ErrInvalidChannel)
which returns nil
yea?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, nil
is returned if err
is just a single unwrapped error in that case
I can take care of addressing review(s) |
Co-authored-by: Cian Hatton <cian@interchain.io>
- Prefer using SetChannelState over look-up channel, modify, set. - Add deeply test case with error wrapped multiple times.
channel.State = types.FLUSHCOMPLETE | ||
k.SetChannel(ctx, portID, channelID, channel) | ||
k.Logger(ctx).Info("channel state updated", "port-id", portID, "channel-id", channelID, "previous-state", previousState, "new-state", channel.State) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, I guess the reason we had to the logger at the bottom is that startFlushing
might move the channel state from OPEN to FLUSHING, but, the previous channel state also could have been FLUSHING. A bit of a rock and a hard place
Co-authored-by: colin axnér <25233464+colin-axner@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks everyone pushing commits! Big thanks to @DimitrisJim for following up on review comments!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you all! 🚀
for { | ||
_, ok := err.(*UpgradeError) | ||
if ok { | ||
return true | ||
} | ||
|
||
if err = errors.Unwrap(err); err == nil { | ||
return false | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, nil
is returned if err
is just a single unwrapped error in that case
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice work!
* some items from the security audit * update tests for cancelling when channel is in FLUSHCOMPLETE * remove duplicate test * nit: Move wrapping of returned error to direct return statement. Do not create a new errChanUpgradeFailed for logging/returning, it obfuscates the logic and does not yield much benefit. * nit: consistency in err return cbs.OnChanUpgradeTry Wrap the error before returning as is done in ChannelUpgradeInit. * add comment * nit: Call application callbacks before performing any state change operations. * chore: Add documentation indicating to app devs that callbacks are invoked _before_ core state is written. * upgrade error * nit: Add note on handling wrapped error in IsUpgradeError docu string, add fmt.Errorf wrap test case. * Update modules/core/04-channel/types/upgrade_test.go * chore: Use consistent logging in writeUpgradeAck + writeUpgradeConfirm Move log into the if to only log if channel state actually changes. Could be moved outside for both cases but might then be logging when channel state doesn't change. * Apply suggestions from code review Co-authored-by: Cian Hatton <cian@interchain.io> * nit: review comments from Cian. - Prefer using SetChannelState over look-up channel, modify, set. - Add deeply test case with error wrapped multiple times. * nit: Address Colin's comment * nit: just linter thangs. * Apply suggestions from code review Co-authored-by: colin axnér <25233464+colin-axner@users.noreply.github.com> * nit: Fix linter flatten if else. --------- Co-authored-by: DimitrisJim <d.f.hilliard@gmail.com> Co-authored-by: Charly <charly@interchain.berlin> Co-authored-by: Charly <charly@interchain.io> Co-authored-by: Cian Hatton <cian@interchain.io> Co-authored-by: colin axnér <25233464+colin-axner@users.noreply.github.com> (cherry picked from commit 41501a2) # Conflicts: # docs/docs/01-ibc/06-channel-upgrades.md
) (#5688) * items from first channel upgrades security audit session (#5664) * some items from the security audit * update tests for cancelling when channel is in FLUSHCOMPLETE * remove duplicate test * nit: Move wrapping of returned error to direct return statement. Do not create a new errChanUpgradeFailed for logging/returning, it obfuscates the logic and does not yield much benefit. * nit: consistency in err return cbs.OnChanUpgradeTry Wrap the error before returning as is done in ChannelUpgradeInit. * add comment * nit: Call application callbacks before performing any state change operations. * chore: Add documentation indicating to app devs that callbacks are invoked _before_ core state is written. * upgrade error * nit: Add note on handling wrapped error in IsUpgradeError docu string, add fmt.Errorf wrap test case. * Update modules/core/04-channel/types/upgrade_test.go * chore: Use consistent logging in writeUpgradeAck + writeUpgradeConfirm Move log into the if to only log if channel state actually changes. Could be moved outside for both cases but might then be logging when channel state doesn't change. * Apply suggestions from code review Co-authored-by: Cian Hatton <cian@interchain.io> * nit: review comments from Cian. - Prefer using SetChannelState over look-up channel, modify, set. - Add deeply test case with error wrapped multiple times. * nit: Address Colin's comment * nit: just linter thangs. * Apply suggestions from code review Co-authored-by: colin axnér <25233464+colin-axner@users.noreply.github.com> * nit: Fix linter flatten if else. --------- Co-authored-by: DimitrisJim <d.f.hilliard@gmail.com> Co-authored-by: Charly <charly@interchain.berlin> Co-authored-by: Charly <charly@interchain.io> Co-authored-by: Cian Hatton <cian@interchain.io> Co-authored-by: colin axnér <25233464+colin-axner@users.noreply.github.com> (cherry picked from commit 41501a2) # Conflicts: # docs/docs/01-ibc/06-channel-upgrades.md * nit: rm docs. --------- Co-authored-by: Carlos Rodriguez <carlos@interchain.io> Co-authored-by: DimitrisJim <d.f.hilliard@gmail.com>
Description
I have created this branch where we can tackle the issues from the audit. @DimitrisJim @charleenfei please pick any items from the list and push to this branch, I thought doing it like this would be easier and faster than opening individual issues (and then we only need to backport one PR). I think the issues are small enough that should be easy to review all of them in one PR.
closes: #XXXX
Commit Message / Changelog Entry
see the guidelines for commit messages. (view raw markdown for examples)
Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.
docs/
) or specification (x/<module>/spec/
).godoc
comments.Files changed
in the Github PR explorer.Codecov Report
in the comment section below once CI passes.