Fix: sim genesis account validation (#2690)

* fix: app: make SimGenesisAccount.Validate error if .BaseAccount is nil This change ensures that an error is returned, instead of panicking, when SimGenesisAccount.BaseAccount is nil, after invoking .Validate. Found by fuzzing and added the tests in here to catch future regressions. Fixes #2586 * merge fix FuzzGenesisAccountValidate test * fix: lint --------- Co-authored-by: Emmanuel T Odeke <[email protected]> Co-authored-by: Philip Offtermatt <[email protected]>
cosmos · Aug 11, 2023 · 5e192b5 · 5e192b5
1 parent 93cde23
commit 5e192b5
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 0 deletions.
diff --git a/app/genesis_account.go b/app/genesis_account.go
@@ -28,16 +28,25 @@ type SimGenesisAccount struct {
 
 // Validate checks for errors on the vesting and module account parameters
 func (sga SimGenesisAccount) Validate() error {
+	if sga.OriginalVesting.IsAnyNil() {
+		return errors.New("OriginalVesting amount must not be nil")
+	}
+
 	if !sga.OriginalVesting.IsZero() {
 		if sga.StartTime >= sga.EndTime {
 			return errors.New("vesting start-time cannot be before end-time")
 		}
 	}
 
+	if sga.BaseAccount == nil {
+		return errors.New("BaseAccount must not be nil")
+	}
+
 	if sga.ModuleName != "" {
 		ma := authtypes.ModuleAccount{
 			BaseAccount: sga.BaseAccount, Name: sga.ModuleName, Permissions: sga.ModulePermissions,
 		}
+
 		if err := ma.Validate(); err != nil {
 			return err
 		}

diff --git a/app/genesis_account_fuzz_test.go b/app/genesis_account_fuzz_test.go
@@ -0,0 +1,35 @@
+package gaia
+
+import (
+	"runtime/debug"
+	"testing"
+
+	"github.com/google/gofuzz"
+)
+
+func TestFuzzGenesisAccountValidate(t *testing.T) {
+	if testing.Short() {
+		t.Skip("running in -short mode")
+	}
+
+	t.Parallel()
+
+	acct := new(SimGenesisAccount)
+	i := 0
+	defer func() {
+		r := recover()
+		if r == nil {
+			return
+		}
+
+		// Otherwise report on the configuration and iteration.
+		t.Fatalf("Failed SimGenesisAccount on iteration #%d: %#v\n\n%s\n\n%s", i, acct, r, debug.Stack())
+	}()
+
+	f := fuzz.New()
+	for i = 0; i < 1e5; i++ {
+		acct = new(SimGenesisAccount)
+		f.Fuzz(acct)
+		acct.Validate() //nolint:errcheck
+	}
+}
diff --git a/go.mod b/go.mod
@@ -12,6 +12,7 @@ require (
 	github.com/cosmos/interchain-security/v2 v2.0.0
 	github.com/gogo/protobuf v1.3.3
 	github.com/golang/protobuf v1.5.3
+	github.com/google/gofuzz v1.2.0
 	github.com/gorilla/mux v1.8.0
 	github.com/gravity-devs/liquidity v1.6.0
 	github.com/grpc-ecosystem/grpc-gateway v1.16.0

diff --git a/go.sum b/go.sum
@@ -494,6 +494,7 @@ github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf/go.mod h1:HP5RmnzzSN
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.1-0.20200604201612-c04b05f3adfa/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=