From 47a5e9fec430428b559a7c7ba7ec5e43774f7197 Mon Sep 17 00:00:00 2001 From: jaeseung-bae <119839167+jaeseung-bae@users.noreply.github.com> Date: Fri, 15 Mar 2024 18:12:33 +0900 Subject: [PATCH] fix: add non-zero check of nextTokenID.Id for genesis (#1276) * fix: add non-zero check of nextTokenID.Id for genesis * chore: add testcase * chore: update changelog * chore: move validation logic to validate function * chore: add testcase --- CHANGELOG.md | 1 + x/collection/genesis.go | 7 +++++-- x/collection/genesis_test.go | 11 +++++++++++ 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5ac04e13c8..ae00fbdc8d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -54,6 +54,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ * chore(deps) [\#1141](https://github.com/Finschia/finschia-sdk/pull/1141) Bump github.com/cosmos/ledger-cosmos-go from 0.12.2 to 0.13.2 to fix ledger signing issue * (x/auth, x/slashing) [\#1179](https://github.com/Finschia/finschia-sdk/pull/1179) modify missing changes of converting to tendermint * (x/auth) [#1274](https://github.com/Finschia/finschia-sdk/pull/1274) `ModuleAccount.Validate` now reports a nil `.BaseAccount` instead of panicking. +* (x/collection) [\#1276](https://github.com/Finschia/finschia-sdk/pull/1276) eliminates potential risk for Insufficient Sanity Check of tokenID in Genesis ### Removed diff --git a/x/collection/genesis.go b/x/collection/genesis.go index ac08c34fe0..028101b3f7 100644 --- a/x/collection/genesis.go +++ b/x/collection/genesis.go @@ -64,8 +64,11 @@ func ValidateGenesis(data GenesisState) error { if len(contractNextTokenIDs.TokenIds) == 0 { return sdkerrors.ErrInvalidRequest.Wrap("next token ids cannot be empty") } - for _, nextTokenIDs := range contractNextTokenIDs.TokenIds { - if err := ValidateClassID(nextTokenIDs.ClassId); err != nil { + for _, nextTokenID := range contractNextTokenIDs.TokenIds { + if nextTokenID.Id.IsZero() { + return sdkerrors.ErrInvalidRequest.Wrap("nextTokenID.Id is not supposed to be zero") + } + if err := ValidateClassID(nextTokenID.ClassId); err != nil { return err } } diff --git a/x/collection/genesis_test.go b/x/collection/genesis_test.go index d4c7d0a7c1..4fcc543541 100644 --- a/x/collection/genesis_test.go +++ b/x/collection/genesis_test.go @@ -445,6 +445,17 @@ func TestValidateGenesis(t *testing.T) { }, false, }, + "should throw error when next token id is zero in genesis": { + &collection.GenesisState{ + Params: collection.Params{}, + NextTokenIds: []collection.ContractNextTokenIDs{ + {ContractId: "deadbeef", TokenIds: []collection.NextTokenID{ + {ClassId: "deadbeef", Id: sdk.NewUint(0)}, + }}, + }, + }, + false, + }, } for name, tc := range testCases {