Merge branch 'release/v0.46.x' into fix/authz-not-verfying-submsgs

.github/workflows/lint.yml

@@ -23,4 +23,4 @@ jobs:
         uses: golangci/golangci-lint-action@v3
         with:
           # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
-          version: v1.49.0
+          version: v1.51.2

.github/workflows/test-race.yml

@@ -48,6 +48,9 @@ jobs:
             **/**.go
             **/go.mod
             **/go.sum
+      - name: Update deps
+        run: go mod tidy
+
       - name: Build
         run: GOARCH=${{ matrix.go-arch }} LEDGER_ENABLED=false make build
 
@@ -105,6 +108,8 @@ jobs:
         with:
           name: "${{ github.sha }}-${{ matrix.part }}"
         if: env.GIT_DIFF
+      - name: Update deps
+        run: go mod tidy
       - name: test & coverage report creation
         run: |
           xargs --arg-file=pkgs.txt.part.${{ matrix.part }} go test -mod=readonly -timeout 30m -race -tags='cgo ledger test_ledger_mock'

.github/workflows/test.yml

@@ -35,6 +35,9 @@ jobs:
             **/**.go
             **/go.mod
             **/go.sum
+      - name: Update deps
+        run: go mod tidy
+
       - name: Build
         run: GOARCH=${{ matrix.go-arch }} LEDGER_ENABLED=false make build
 
@@ -56,6 +59,8 @@ jobs:
             **/**.go
             go.mod
             go.sum
+      - name: Update deps
+        run: go mod tidy
       - name: Run submodule tests and create test coverage profile.
         # GIT_DIFF is passed to the scripts
         run: bash scripts/module-tests.sh
@@ -116,6 +121,8 @@ jobs:
         with:
           name: "${{ github.sha }}-${{ matrix.part }}"
         if: env.GIT_DIFF
+      - name: update deps
+        run: go mod tidy
       - name: test & coverage report creation
         run: |
           cat pkgs.txt.part.${{ matrix.part }} | xargs go test -mod=readonly -timeout 30m -coverprofile=${{ matrix.part }}profile.out -covermode=atomic -tags='norace ledger test_ledger_mock'
@@ -189,6 +196,8 @@ jobs:
             **/**.go
             go.mod
             go.sum
+      - name: Update deps
+        run: go mod tidy
       - name: test rosetta
         run: |
           make test-rosetta
@@ -209,6 +218,8 @@ jobs:
             **/**.go
             go.mod
             go.sum
+      - name: Update deps
+        run: go mod tidy
       - name: start localnet
         run: |
           make clean localnet-start
@@ -250,6 +261,8 @@ jobs:
             **/**.go
             go.mod
             go.sum
+      - name: Update deps
+        run: go mod tidy
       - uses: actions/cache@v3
         with:
           path: ~/go/bin

.gitignore

@@ -23,6 +23,7 @@ dist
 tools-stamp
 buf-stamp
 artifacts
+tools/
 
 # Data - ideally these don't exist
 baseapp/data/*

.golangci.yml

@@ -41,8 +41,7 @@ issues:
     - text: "should be written without leading space as"
       linters:
         - nolintlint
-    - path: "migrations"
-      text: "SA1019:"
+    - text: "SA1019:"
       linters:
         - staticcheck
 

CHANGELOG.md

@@ -39,7 +39,7 @@ Ref: https://keepachangelog.com/en/1.0.0/
 
 ## [v0.46.13](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.46.13) - 2023-06-08
 
-## Features
+## Features 
 
 * (snapshots) [#16060](https://github.com/cosmos/cosmos-sdk/pull/16060) Support saving and restoring snapshot locally.
 * (baseapp) [#16290](https://github.com/cosmos/cosmos-sdk/pull/16290) Add circuit breaker setter in baseapp.
@@ -295,6 +295,7 @@ replace github.com/confio/ics23/go => github.com/cosmos/cosmos-sdk/ics23/go v0.8
 * [#13318](https://github.com/cosmos/cosmos-sdk/pull/13318) Keep the balance query endpoint compatible with legacy blocks.
 * [#13321](https://github.com/cosmos/cosmos-sdk/pull/13321) Add flag to disable fast node migration and usage.
 
+
 ### Bug Fixes
 
 * (types) [#13265](https://github.com/cosmos/cosmos-sdk/pull/13265) Correctly coalesce coins even with repeated denominations & simplify logic.

Makefile

@@ -15,9 +15,6 @@ DOCKER := $(shell which docker)
 DOCKER_BUF := $(DOCKER) run --rm -v $(CURDIR):/workspace --workdir /workspace bufbuild/buf:1.0.0-rc8
 PROJECT_NAME = $(shell git remote get-url origin | xargs basename -s .git)
 DOCS_DOMAIN=docs.cosmos.network
-# RocksDB is a native dependency, so we don't assume the library is installed.
-# Instead, it must be explicitly enabled and we warn when it is not.
-ENABLE_ROCKSDB ?= false
 
 export GO111MODULE = on
 
@@ -63,33 +60,23 @@ ldflags = -X github.com/cosmos/cosmos-sdk/version.Name=sim \
 		  -X github.com/cosmos/cosmos-sdk/version.Version=$(VERSION) \
 		  -X github.com/cosmos/cosmos-sdk/version.Commit=$(COMMIT) \
 		  -X "github.com/cosmos/cosmos-sdk/version.BuildTags=$(build_tags_comma_sep)" \
-			-X github.com/tendermint/tendermint/version.TMCoreSemVer=$(TMVERSION)
-
-ifeq ($(ENABLE_ROCKSDB),true)
-  BUILD_TAGS += rocksdb_build
-  test_tags += rocksdb_build
-else
-  $(warning RocksDB support is disabled; to build and test with RocksDB support, set ENABLE_ROCKSDB=true)
-endif
+		  -X github.com/tendermint/tendermint/version.TMCoreSemVer=$(TMVERSION)
 
 # DB backend selection
 ifeq (cleveldb,$(findstring cleveldb,$(COSMOS_BUILD_OPTIONS)))
   build_tags += gcc
 endif
 ifeq (badgerdb,$(findstring badgerdb,$(COSMOS_BUILD_OPTIONS)))
-  BUILD_TAGS += badgerdb
+  build_tags += badgerdb
 endif
 # handle rocksdb
 ifeq (rocksdb,$(findstring rocksdb,$(COSMOS_BUILD_OPTIONS)))
-  ifneq ($(ENABLE_ROCKSDB),true)
-    $(error Cannot use RocksDB backend unless ENABLE_ROCKSDB=true)
-  endif
   CGO_ENABLED=1
-  BUILD_TAGS += rocksdb
+  build_tags += rocksdb
 endif
 # handle boltdb
 ifeq (boltdb,$(findstring boltdb,$(COSMOS_BUILD_OPTIONS)))
-  BUILD_TAGS += boltdb
+  build_tags += boltdb
 endif
 
 ifeq (,$(findstring nostrip,$(COSMOS_BUILD_OPTIONS)))
@@ -342,7 +329,7 @@ benchmark:
 ###############################################################################
 
 golangci_lint_cmd=golangci-lint
-golangci_version=v1.49.0
+golangci_version=v1.51.2
 
 lint:
 	@echo "--> Running linter"
@@ -406,6 +393,7 @@ proto-gen:
 	@echo "Generating Protobuf files"
 	@if docker ps -a --format '{{.Names}}' | grep -Eq "^${containerProtoGen}$$"; then docker start -a $(containerProtoGen); else docker run --name $(containerProtoGen) -v $(CURDIR):/workspace --workdir /workspace $(protoImageName) \
 		sh ./scripts/protocgen.sh; fi
+	@go mod tidy
 
 # This generates the SDK's custom wrapper for google.protobuf.Any. It should only be run manually when needed
 proto-gen-any:
@@ -423,14 +411,13 @@ proto-format:
 	@if docker ps -a --format '{{.Names}}' | grep -Eq "^${containerProtoFmt}$$"; then docker start -a $(containerProtoFmt); else docker run --name $(containerProtoFmt) -v $(CURDIR):/workspace --workdir /workspace tendermintdev/docker-build-proto \
 		find ./ -not -path "./third_party/*" -name "*.proto" -exec clang-format -i {} \; ; fi
 
-
 proto-lint:
 	@$(DOCKER_BUF) lint --error-format=json
 
 proto-check-breaking:
 	@$(DOCKER_BUF) breaking --against $(HTTPS_GIT)#branch=main
 
-TM_URL              = https://raw.githubusercontent.com/cometbft/cometbft/v0.34.27/proto/tendermint
+TM_URL              = https://raw.githubusercontent.com/cometbft/cometbft/v0.34.28/proto/tendermint
 
 TM_CRYPTO_TYPES     = proto/tendermint/crypto
 TM_ABCI_TYPES       = proto/tendermint/abci

RELEASE_NOTES.md

@@ -1,17 +1,21 @@
-# Cosmos SDK v0.46.11 Release Notes
+# Cosmos SDK v0.46.13 Release Notes
+
+This release includes few improvements and bug fixes.
+Notably, the [barberry security fix](https://forum.cosmos.network/t/cosmos-sdk-security-advisory-barberry/10825). All chains using Cosmos SDK v0.46.0 and above must upgrade to `v0.46.13` **immediately**. A chain is safe as soon as **33%+1** of the voting power has upgraded. Coordinate with your validators to upgrade as soon as possible.
+
+Additionally, it includes new commands for snapshots management and bootstrapping from a local snapshot (add `snapshot.Cmd(appCreator)` to the chain root command for using it).
+
+Did you know Cosmos SDK Twilight (a.k.a v0.47) has been released? Upgrade easily by reading the [upgrading guide](https://github.com/cosmos/cosmos-sdk/blob/release/v0.47.x/UPGRADING.md#v047x).
+
+Ensure you have the following replaces in the `go.mod` of your application:
 
-This release includes the migration to [CometBFT v0.34.27](https://github.com/cometbft/cometbft/blob/v0.34.27/CHANGELOG.md#v03427).
-This migration should be not be breaking for chains.
-From `v0.46.11`+, the following replace is *mandatory* in the `go.mod` of your application:
 ```go
 // use cometbft
-replace github.com/tendermint/tendermint => github.com/cometbft/cometbft v0.34.27
+replace github.com/tendermint/tendermint => github.com/cometbft/cometbft v0.34.28
+// replace broken goleveldb
+replace github.com/syndtr/goleveldb => github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7
 ```
 
-Additionally, the SDK sets its minimum version to Go 1.19. This is not because the SDK uses new Go 1.19 functionalities, but to signal that we recommend chains to upgrade to Go 1.19 — Go 1.18 is not supported by the Go Team anymore.
-Note, that SDK recommends chains to use the same Go version across all of their network.
-We recommend, as well, chains to perform a **coordinated upgrade** when migrating from Go 1.18 to Go 1.19.
-
 Please see the [CHANGELOG](https://github.com/cosmos/cosmos-sdk/blob/release/v0.46.x/CHANGELOG.md) for an exhaustive list of changes.
 
-**Full Commit History**: https://github.com/cosmos/cosmos-sdk/compare/v0.46.10...v0.46.11
+**Full Commit History**: https://github.com/cosmos/cosmos-sdk/compare/v0.46.12...v0.46.13

baseapp/baseapp.go

@@ -1,6 +1,7 @@
 package baseapp
 
 import (
+	"errors"
 	"fmt"
 	"strings"
 
@@ -228,6 +229,15 @@ func (app *BaseApp) SetMsgServiceRouter(msgServiceRouter *MsgServiceRouter) {
 	app.msgServiceRouter = msgServiceRouter
 }
 
+// SetCircuitBreaker sets the circuit breaker for the BaseApp.
+// The circuit breaker is checked on every message execution to verify if a transaction should be executed or not.
+func (app *BaseApp) SetCircuitBreaker(cb CircuitBreaker) {
+	if app.msgServiceRouter == nil {
+		panic("cannot set circuit breaker with no msg service router set")
+	}
+	app.msgServiceRouter.SetCircuit(cb)
+}
+
 // MountStores mounts all IAVL or DB stores to the provided keys in the BaseApp
 // multistore.
 func (app *BaseApp) MountStores(keys ...storetypes.StoreKey) {
@@ -352,7 +362,7 @@ func (app *BaseApp) Init() error {
 	app.Seal()
 
 	if app.cms == nil {
-		return fmt.Errorf("commit multi-store must not be nil")
+		return errors.New("commit multi-store must not be nil")
 	}
 
 	return app.cms.GetPruning().Validate()
@@ -843,3 +853,8 @@ func (app *BaseApp) runMsgs(ctx sdk.Context, msgs []sdk.Msg, mode runTxMode) (*s
 func makeABCIData(msgResponses []*codectypes.Any) ([]byte, error) {
 	return proto.Marshal(&sdk.TxMsgData{MsgResponses: msgResponses})
 }
+
+// Close is called in start cmd to gracefully cleanup resources.
+func (app *BaseApp) Close() error {
+	return nil
+}

baseapp/circuit.go

@@ -0,0 +1,8 @@
+package baseapp
+
+import "context"
+
+// CircuitBreaker is an interface that defines the methods for a circuit breaker.
+type CircuitBreaker interface {
+	IsAllowed(ctx context.Context, typeURL string) (bool, error)
+}

baseapp/msg_service_router.go

@@ -17,6 +17,7 @@ import (
 type MsgServiceRouter struct {
 	interfaceRegistry codectypes.InterfaceRegistry
 	routes            map[string]MsgServiceHandler
+	circuitBreaker    CircuitBreaker
 }
 
 var _ gogogrpc.Server = &MsgServiceRouter{}
@@ -31,6 +32,10 @@ func NewMsgServiceRouter() *MsgServiceRouter {
 // MsgServiceHandler defines a function type which handles Msg service message.
 type MsgServiceHandler = func(ctx sdk.Context, req sdk.Msg) (*sdk.Result, error)
 
+func (msr *MsgServiceRouter) SetCircuit(cb CircuitBreaker) {
+	msr.circuitBreaker = cb
+}
+
 // Handler returns the MsgServiceHandler for a given msg or nil if not found.
 func (msr *MsgServiceRouter) Handler(msg sdk.Msg) MsgServiceHandler {
 	return msr.routes[sdk.MsgTypeURL(msg)]
@@ -121,6 +126,20 @@ func (msr *MsgServiceRouter) RegisterService(sd *grpc.ServiceDesc, handler inter
 					return nil, err
 				}
 			}
+
+			if msr.circuitBreaker != nil {
+				msgURL := sdk.MsgTypeURL(req)
+
+				isAllowed, err := msr.circuitBreaker.IsAllowed(ctx, msgURL)
+				if err != nil {
+					return nil, err
+				}
+
+				if !isAllowed {
+					return nil, fmt.Errorf("circuit breaker disables execution of this message: %s", msgURL)
+				}
+			}
+
 			// Call the method handler from the service description with the handler object.
 			// We don't do any decoding here because the decoding was already done.
 			res, err := methodHandler(handler, sdk.WrapSDKContext(ctx), noopDecoder, interceptor)

client/prompts.go → client/prompt_validation.go

@@ -29,11 +29,22 @@ func ValidatePromptURL(input string) error {
 
 // ValidatePromptAddress validates that the input is a valid Bech32 address.
 func ValidatePromptAddress(input string) error {
-	if _, err := sdk.AccAddressFromBech32(input); err != nil {
-		return fmt.Errorf("invalid address: %w", err)
+	_, err := sdk.AccAddressFromBech32(input)
+	if err == nil {
+		return nil
 	}
 
-	return nil
+	_, err = sdk.ValAddressFromBech32(input)
+	if err == nil {
+		return nil
+	}
+
+	_, err = sdk.ConsAddressFromBech32(input)
+	if err == nil {
+		return nil
+	}
+
+	return fmt.Errorf("invalid address: %w", err)
 }
 
 // ValidatePromptYesNo validates that the input is valid sdk.COins

client/prompt_validation_test.go

@@ -0,0 +1,38 @@
+package client_test
+
+import (
+	"testing"
+
+	"github.com/cosmos/cosmos-sdk/client"
+	"github.com/stretchr/testify/require"
+)
+
+func TestValidatePromptNotEmpty(t *testing.T) {
+	require := require.New(t)
+
+	require.NoError(client.ValidatePromptNotEmpty("foo"))
+	require.ErrorContains(client.ValidatePromptNotEmpty(""), "input cannot be empty")
+}
+
+func TestValidatePromptURL(t *testing.T) {
+	require := require.New(t)
+
+	require.NoError(client.ValidatePromptURL("https://example.com"))
+	require.ErrorContains(client.ValidatePromptURL("foo"), "invalid URL")
+}
+
+func TestValidatePromptAddress(t *testing.T) {
+	require := require.New(t)
+
+	require.NoError(client.ValidatePromptAddress("cosmos1huydeevpz37sd9snkgul6070mstupukw00xkw9"))
+	require.NoError(client.ValidatePromptAddress("cosmosvaloper1sjllsnramtg3ewxqwwrwjxfgc4n4ef9u2lcnj0"))
+	require.NoError(client.ValidatePromptAddress("cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h"))
+	require.ErrorContains(client.ValidatePromptAddress("foo"), "invalid address")
+}
+
+func TestValidatePromptCoins(t *testing.T) {
+	require := require.New(t)
+
+	require.NoError(client.ValidatePromptCoins("100stake"))
+	require.ErrorContains(client.ValidatePromptCoins("foo"), "invalid coins")
+}