Lines of code
<https://github.com/cosmos/cosmos-sdk/blob/main/x/authz/keeper/keeper.go#L67>
A panic might occur when calling `CreatePool`, stopping the app.
# Proof of Concept
Here we can see that `CreatePool` creates a new `Pool` struct, which calls `k.GetStandardDenom` to get the value for the `StandardDenom` key. Now let's check the body of `GetStandardDenom`:
```go
func (k Keeper) GetStandardDenom(ctx sdk.Context) string {
	store := ctx.KVStore(k.storeKey)
	bz := store.Get(types.KeyStandardDenom)

	var denomWrap = gogotypes.StringValue{}
	// bz is passed to MustUnmarshal without a nil check.
	k.cdc.MustUnmarshal(bz, &denomWrap)
	return denomWrap.Value
}
```
The value of `bz` is not checked for nil before calling `MustUnmarshal`, and that will result in a panic in the program. A few examples from the Cosmos SDK itself show the correct practice to avoid the panic issue:
<https://github.com/cosmos/cosmos-sdk/blob/main/x/authz/keeper/keeper.go#L67>
```go
bz, err := store.Get(skey)
if err != nil {
	panic(err)
}
if bz == nil {
	return grant, false
}
k.cdc.MustUnmarshal(bz, &grant)
return grant, true
```
As you can see, there is a check for whether `bz` is nil, so it doesn't panic on `MustUnmarshal`, because it is possible that the KVStore would return nil for a store key.
Manual Review
Return an error if `bz == nil`, and check whether `k.GetStandardDenom(ctx)` returned an error before creating the `pool := &types.Pool` struct at <https://github.com/code-423n4/2023-06-canto/blob/main/Canto/x/coinswap/keeper/pool.go#L18>
```go
if bz == nil {
	return err // or empty string
}
```
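A sketch of the mitigation above, added here as an example (it is not code from the Canto repository or the Cosmos SDK). `kvStore`, `mustDecode`, `errDenomNotSet`, the reduced `pool` struct and the sample denoms are hypothetical stand-ins so the block runs without the SDK.

```go
package main

import (
	"errors"
	"fmt"
)

// kvStore is a hypothetical in-memory stand-in for the module's KVStore.
// Get returns nil for a key that was never set.
type kvStore map[string][]byte

func (s kvStore) Get(key string) []byte { return s[key] }

const keyStandardDenom = "standardDenom" // constructed key name

var errDenomNotSet = errors.New("standard denom not set")

// mustDecode is a hypothetical Must-style decoder (length byte + payload)
// that panics on any input it cannot decode, nil included.
func mustDecode(bz []byte) string {
	if len(bz) == 0 || int(bz[0]) != len(bz)-1 {
		panic("mustDecode: malformed value")
	}
	return string(bz[1:])
}

// getStandardDenom checks bz before decoding and reports an unset key as an error.
func getStandardDenom(s kvStore) (string, error) {
	bz := s.Get(keyStandardDenom)
	if bz == nil {
		return "", errDenomNotSet
	}
	return mustDecode(bz), nil
}

type pool struct{ StandardDenom, CounterDenom string } // reduced Pool struct

// createPool checks the getter's error before building the pool.
func createPool(s kvStore, counterDenom string) (*pool, error) {
	denom, err := getStandardDenom(s)
	if err != nil {
		return nil, fmt.Errorf("create pool: %w", err)
	}
	return &pool{StandardDenom: denom, CounterDenom: counterDenom}, nil
}

func main() {
	_, err := createPool(kvStore{}, "uatom") // constructed denom, key unset
	fmt.Println(err)
}
```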
Other