Unhandled Error in CommitParticipation

[Hellobloc]

Intro

The unhandled errors in the SendCoins operation can lead to the possibility of executing a CommitParticipation action without any payment. In the code referenced, the errors returned from SendCoins are not properly processed, resulting in the inability for tracking errors due to insufficient balance. Consequently, malicious users can perform CommitParticipation actions without incurring any costs.

func (k Keeper) CommitParticipation(ctx sdk.Context, participant sdk.AccAddress, msg *types.MsgCommitParticipationRequest) error {
	// get IDO
	ido, err := k.GetIDOByID(ctx, msg.ProjectId)
	if err != nil {
		return err
	}

	// get project
	project, err := k.launchpadKeeper.GetProjectById(ctx, msg.ProjectId)
	if err != nil {
		return err
	}

	// validate
	var tokenBought sdk.Coins
	var entry types.Entry

	if err := k.validateCommitParticipation(ctx, participant, &tokenBought, &entry, ido, project, msg); err != nil {
		return err
	}

	// transfer funds from user wallet to project and vice versa
	k.bankKeeper.SendCoins(ctx, sdk.AccAddress(project.GetProjectAddress()), participant, tokenBought)
	k.bankKeeper.SendCoins(ctx, participant, sdk.AccAddress(project.GetProjectAddress()), msg.GetTokenCommit())

	ido.TokenForDistribution = ido.TokenForDistribution.Sub(tokenBought)
	ido.TotalDistributedAmount = ido.TotalDistributedAmount.Add(tokenBought...)

	// update entries
	ido.Entries[entry.Participant] = entry

	// save IDO to KV stores and register to launchpad
	if err := k.SetIDOAndRegisterLaunchpad(ctx, ido); err != nil {
		return err
	}

	return nil
}

Link to Code

Recommendation

Implement an error handling mechanism for the SendCoins operation.

REF

ignite/cli#2828
https://github.com/crytic/building-secure-contracts/tree/master/not-so-smart-contracts/cosmos/missing_error_handler