Panics in ABCI calls

[JasperSurmont]

Hey, after reading this possible vulnerability in cosmos-sdk chains, I looked through the SDK. I found in the runTx function a recover, which will recover the chain on panic, removing (I think?) the vulnerability they listed. However, why is there not a similar structure in Begin/EndBlock? Can anyone explain why this vulnerability they found it not handled / why it is not a vulnerability at all?

[facundomedica]

Basically on runTx we want to recover from any panics caused by a tx, otherwise anyone sending a failing tx could halt the entire chain. So we recover, mark the tx as failed and move on.

With BeginBlock and EndBlock it's different as it's something triggered by CometBFT through ABCI, so there's no user intervention here and these functions are expected to succeed to keep the chain running.

I believe the link you've posted is pointing out that developers should be aware of the implications of panicking in these methods, and what could cause a panic. So it's about a possible/hypothetical vulnerability in any chain using the SDK. It also says There should be no unanticipated panics in these methods, meaning that sometimes you will want to panic if things have gone horribly wrong.