fix tx validation vs execution

cosmos · Oct 17, 2024 · 9dc5acf · 9dc5acf
1 parent 553e110
commit 9dc5acf
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 4 deletions.
diff --git a/x/accounts/defaults/base/account.go b/x/accounts/defaults/base/account.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 
+	"cosmossdk.io/core/transaction"
 	gogotypes "github.com/cosmos/gogoproto/types/any"
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/anypb"
@@ -43,6 +44,7 @@ func NewAccount(name string, handlerMap *signing.HandlerMap, options ...Option)
 			Sequence:         collections.NewSequence(deps.SchemaBuilder, SequencePrefix, "sequence"),
 			addrCodec:        deps.AddressCodec,
 			hs:               deps.Environment.HeaderService,
+			ts:               deps.Environment.TransactionService,
 			supportedPubKeys: map[string]pubKeyImpl{},
 			signingHandlers:  handlerMap,
 		}
@@ -65,6 +67,7 @@ type Account struct {
 
 	addrCodec address.Codec
 	hs        header.Service
+	ts        transaction.Service
 
 	supportedPubKeys map[string]pubKeyImpl
 
@@ -106,7 +109,13 @@ func (a Account) Authenticate(ctx context.Context, msg *aa_interface_v1.MsgAuthe
 	}
 
 	gotSeq := msg.Tx.AuthInfo.SignerInfos[msg.SignerIndex].Sequence
-	if gotSeq != signerData.Sequence {
+
+	execMode := a.ts.ExecMode(ctx)
+	if execMode == transaction.ExecModeCheck {
+		if gotSeq < signerData.Sequence {
+			return nil, fmt.Errorf("sequence number must be higher than: %d, got: %d", signerData.Sequence, gotSeq)
+		}
+	} else if gotSeq != signerData.Sequence {
 		return nil, fmt.Errorf("unexpected sequence number, wanted: %d, got: %d", signerData.Sequence, gotSeq)
 	}
 

diff --git a/x/auth/ante/sigverify.go b/x/auth/ante/sigverify.go
@@ -306,17 +306,25 @@ func (svd SigVerificationDecorator) consumeSignatureGas(
 
 // verifySig will verify the signature of the provided signer account.
 func (svd SigVerificationDecorator) verifySig(ctx context.Context, tx sdk.Tx, acc sdk.AccountI, sig signing.SignatureV2, newlyCreated bool) error {
-	if sig.Sequence != acc.GetSequence() {
+	execMode := svd.ak.GetEnvironment().TransactionService.ExecMode(ctx)
+	if execMode == transaction.ExecModeCheck {
+		if sig.Sequence < acc.GetSequence() {
+			return errorsmod.Wrapf(
+				sdkerrors.ErrWrongSequence,
+				"account sequence mismatch, expected higher than or equal to %d, got %d", acc.GetSequence(), sig.Sequence,
+			)
+		}
+	} else if sig.Sequence != acc.GetSequence() {
 		return errorsmod.Wrapf(
 			sdkerrors.ErrWrongSequence,
-			"account sequence mismatch, expected %d, got %d", acc.GetSequence(), sig.Sequence,
+			"account sequence mismatch: expected %d, got %d", acc.GetSequence(), sig.Sequence,
 		)
 	}
 
 	// we're in simulation mode, or in ReCheckTx, or context is not
 	// on sig verify tx, then we do not need to verify the signatures
 	// in the tx.
-	if svd.ak.GetEnvironment().TransactionService.ExecMode(ctx) == transaction.ExecModeSimulate ||
+	if execMode == transaction.ExecModeSimulate ||
 		isRecheckTx(ctx, svd.ak.GetEnvironment().TransactionService) ||
 		!isSigverifyTx(ctx) {
 		return nil