-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(x/auth/vesting): panic on overflowing & negative EndTimes for PeriodicVestingAccount #16733
fix(x/auth/vesting): panic on overflowing & negative EndTimes for PeriodicVestingAccount #16733
Conversation
This comment has been minimized.
This comment has been minimized.
375d819
to
d08d617
Compare
CHANGELOG.md
Outdated
@@ -38,6 +38,10 @@ Ref: https://keepachangelog.com/en/1.0.0/ | |||
|
|||
## [Unreleased] | |||
|
|||
### Bug Fixes | |||
|
|||
* (x/auth/vesting) [#16733](https://github.com/cosmos/cosmos-sdk/pull/16733) panic on overflowing and negative EndTimes when creating a PeriodicVestingAccount |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not: there is already a bugfix section below, can you add it there?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you @julienrbrt, updated!
endTime += p.Length | ||
} | ||
if endTime < 0 || endTime < startTime { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this check be in the Validate function of a base vesting account and here we can call validate?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am skeptical of moving it there, for starters and for brevity can we keep it as is here, then later on refactor it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure!
…iodicVestingAccount Caught in an audit, this change panics when a PeriodicVestingAccount's constituent period lengths are negative, or if the total .EndTime has overflown.
d08d617
to
771cff2
Compare
…iodicVestingAccount (backport #16733) (#16735) Co-authored-by: Emmanuel T Odeke <[email protected]> Co-authored-by: Julien Robert <[email protected]>
Caught in an audit, this change panics when a PeriodicVestingAccount's constituent period lengths are negative, or if the total .EndTime has overflown.
/cc @elias-orijtech