Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Beware of Using inv-check-period to Launch Nodes #850

Open
Hellobloc opened this issue Oct 29, 2024 · 0 comments
Open

Beware of Using inv-check-period to Launch Nodes #850

Hellobloc opened this issue Oct 29, 2024 · 0 comments

Comments

@Hellobloc
Copy link

Hellobloc commented Oct 29, 2024
edited
Loading

Problem Description

truchain/Makefile

Line 68 in b9271e1

bin/truchaind start --inv-check-period 10 --log_level "main:info,state:info,*:error,app:info,account:info,trubank:info,claim:info,community:info,truslashing:info,trustaking:info"

The current startup script of this project uses the inv-check-period parameter, which means that the project will crash when invariant checks fail. This poses a significant risk, especially since some native Cosmos modules have invariant checks that can be exploited by malicious actors.

For instance, the ModuleAccountInvariant function ensures that module account coins reflect the sum of the deposit amounts held in the store. A mismatch here can lead to an inconsistent, and utilizing inv-check-period means a node panic upon detection of such inconsistencies.

Relevant Code Example:

Cosmos SDK Example

func ModuleAccountInvariant(keeper *Keeper, bk types.BankKeeper) sdk.Invariant {
    return func(ctx sdk.Context) (string, bool) {
        var expectedDeposits sdk.Coins

        err := keeper.Deposits.Walk(ctx, nil, func(key collections.Pair[uint64, sdk.AccAddress], value v1.Deposit) (stop bool, err error) {
            expectedDeposits = expectedDeposits.Add(value.Amount...)
            return false, nil
        })
        if err != nil {
            panic(err)
        }

        macc := keeper.GetGovernanceAccount(ctx)
        balances := bk.GetAllBalances(ctx, macc.GetAddress())

        // Require that the deposit balances are <= than the x/gov module's total
        // balances. We use the <= operator since external funds can be sent to x/gov
        // module's account and so the balance can be larger.
        broken := !balances.IsAllGTE(expectedDeposits)

        return sdk.FormatInvariant(types.ModuleName, "deposits",
            fmt.Sprintf("\tgov ModuleAccount coins: %s\n\tsum of deposit amounts:  %s\n",
                balances, expectedDeposits)), broken
    }
}

Suggested Solution

Given that the x/crisis functionality has been removed by Cosmos, We recommend discontinuing the use of inv-check-period. Additionally, the code should be updated to remove any constraints that inv-check-period being non-zero.

This will help prevent node crashes due to invariant check failures, thereby improving system stability and mitigating potential security risks.

References

Broken Bookkeeping in Cosmos

Cosmos SDK Remove x/crisis
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Hellobloc