None Payment TipPost Caused by Unhandled Error #9

Open
Hellobloc opened this issue Oct 9, 2024 · 0 comments

Intro

The unhandled errors in the SendCoins operation can lead to the possibility of executing a Tip Post action without any payment. In the code referenced, the errors returned from SendCoins are not properly managed, resulting in the inability of the system to track failures due to insufficient balance. Consequently, malicious users can perform Tip Post actions without incurring any costs.

func (k msgServer) TipPost(goCtx context.Context, msg *types.MsgTipPost) (*types.MsgTipPostResponse, error) {
	ctx := sdk.UnwrapSDKContext(goCtx)

	uid, _ := strconv.ParseUint(msg.Uid, 10, 64)

	tipAmount, _ := sdk.NewIntFromString(msg.Amount)

	tip := sdk.NewCoin("kudos", tipAmount)

	// Test if post exists
	post, found := k.GetPost(ctx, uid)
	if !found {
		return nil, sdkerrors.Wrapf(types.ErrPostDoesNotExist, "%s", msg.Uid)
	}

	post.Tips = post.Tips.Add(tip)

	k.SetPost(ctx, post)

	haven, _ := k.GetHaven(ctx, post.Haven)

	havenTip := (tip.Amount.Mul(sdk.NewIntFromUint64(haven.Rake))).Quo(sdk.NewInt(100))
	postTip := tip.Amount.Sub(havenTip)

	haven.Earnings = haven.Earnings.AddAmount(havenTip)

	k.SetHaven(ctx, haven)

	havenCoins := sdk.NewCoin("kudos", havenTip)
	postCoins := sdk.NewCoin("kudos", postTip)

	// moduleAcc := sdk.AccAddress(crypto.AddressHash([]byte(types.ModuleName)))
	creator, _ := sdk.AccAddressFromBech32(msg.Creator)
	havenOwner, _ := sdk.AccAddressFromBech32(haven.Owner)
	postOwner, _ := sdk.AccAddressFromBech32(post.Owner)

	k.bankKeeper.SendCoins(ctx, creator, havenOwner, sdk.NewCoins(havenCoins))
	k.bankKeeper.SendCoins(ctx, creator, postOwner, sdk.NewCoins(postCoins))

	return &types.MsgTipPostResponse{}, nil
}

Link to Code

Recommendation

Implement an error handling mechanism for the SendCoins operation.

REF

ignite/cli#2828
https://github.com/crytic/building-secure-contracts/tree/master/not-so-smart-contracts/cosmos/missing_error_handler
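
Added example, not part of the original issue or the project's code: a stand-alone Go model of the recommendation above, contrasting the issue's pattern with a version that returns the transfer error. `ledger`, `send`, `tipUnchecked` and `tipChecked` are hypothetical names, and plain `int64` balances stand in for the bank keeper and `sdk.Coin`.

```go
package main

import (
	"errors"
	"fmt"
)

type ledger map[string]int64 // constructed stand-in for the bank keeper (kudos per account)
var errInsufficient = errors.New("insufficient funds")

// send fails without moving funds when the sender cannot cover amt.
func (l ledger) send(from, to string, amt int64) error {
	if amt < 0 || l[from] < amt {
		return errInsufficient
	}
	l[from] -= amt
	l[to] += amt
	return nil
}

// tipUnchecked is the issue's pattern: tip recorded, transfer errors dropped.
func tipUnchecked(l ledger, tips *int64, from, haven, owner string, amt, rake int64) error {
	*tips += amt
	cut := amt * rake / 100
	l.send(from, haven, cut)
	l.send(from, owner, amt-cut)
	return nil
}

// tipChecked pre-checks the full amount (toy ledger has no rollback) and credits the tip last.
func tipChecked(l ledger, tips *int64, from, haven, owner string, amt, rake int64) error {
	if amt <= 0 || l[from] < amt {
		return errInsufficient
	}
	cut := amt * rake / 100
	if err := l.send(from, haven, cut); err != nil {
		return err
	}
	if err := l.send(from, owner, amt-cut); err != nil {
		return err
	}
	*tips += amt
	return nil
}

func main() {
	l, tips := ledger{"tipper": 0}, int64(0) // constructed: sender holds no kudos
	fmt.Println(tipUnchecked(l, &tips, "tipper", "haven", "author", 100, 10), tips)
	fmt.Println(tipChecked(l, &tips, "tipper", "haven", "author", 100, 10), tips)
}
```

With an empty sender balance, the unchecked variant returns `nil` and still records 100 kudos of tips, while the checked variant returns the error and leaves the tip total unchanged.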
