fix(x/distribution): vulnerable incrementReferenceCount in distributi…

…on (#19301) Co-authored-by: Aleksandr Bezobchuk <[email protected]> Co-authored-by: Likhita Polavarapu <[email protected]>
cosmos · Feb 7, 2024 · 4b8f326 · 4b8f326
1 parent e604e54
commit 4b8f326
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/x/distribution/CHANGELOG.md b/x/distribution/CHANGELOG.md
@@ -66,3 +66,7 @@ Ref: https://keepachangelog.com/en/1.0.0/
 ### Client Breaking Changes
 
 * [#17657](https://github.com/cosmos/cosmos-sdk/pull/17657) Deprecate `CommunityPool` and `FundCommunityPool` rpc methods. Use `x/protocolpool` module's rpc methods instead.
+
+### Bug Fixes
+
+* [#19301](https://github.com/cosmos/cosmos-sdk/pull/19301) Fix vulnerability in `incrementReferenceCount` in distribution.
diff --git a/x/distribution/keeper/validator.go b/x/distribution/keeper/validator.go
@@ -124,10 +124,11 @@ func (k Keeper) incrementReferenceCount(ctx context.Context, valAddr sdk.ValAddr
 	if err != nil {
 		return err
 	}
+
+	historical.ReferenceCount++
 	if historical.ReferenceCount > 2 {
 		panic("reference count should never exceed 2")
 	}
-	historical.ReferenceCount++
 	return k.ValidatorHistoricalRewards.Set(ctx, collections.Join(valAddr, period), historical)
 }