fix(crypto/ledger): Improve error message when deriving paths (#22116) (#24036)

Co-authored-by: Ezequiel Raynaudo <raynaudo.ee@gmail.com>
Alex | Interchain Labs 2025-03-19 13:37:43 -04:00 committed by GitHub
parent 700d33457a
commit 87403fadae
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 9 additions and 3 deletions


@ -49,9 +49,9 @@ Ref: https://keepachangelog.com/en/1.0.0/
### Improvements
* (crypto/ledger) [#24036](https://github.com/cosmos/cosmos-sdk/pull/24036) Improve error message when deriving paths using index > 100
* (gRPC) [#23844](https://github.com/cosmos/cosmos-sdk/pull/23844) Add debug log prints for each gRPC request.
### Bug Fixes
* (client/keys) [#24041](https://github.com/cosmos/cosmos-sdk/pull/24041) `keys delete` won't terminate when a key is not found, but will log the error.


@ -331,7 +331,7 @@ func getPubKeyUnsafe(device SECP256K1, path hd.BIP44Params) (types.PubKey, error
return options.createPubkey(compressedPublicKey), nil
}
// getPubKeyAddr reads the pubkey and the address from a ledger device.
// getPubKeyAddrSafe reads the pubkey and the address from a ledger device.
// This function is marked as Safe as it will require user confirmation and
// account and index will be shown in the device.
//
@ -340,7 +340,13 @@ func getPubKeyUnsafe(device SECP256K1, path hd.BIP44Params) (types.PubKey, error
func getPubKeyAddrSafe(device SECP256K1, path hd.BIP44Params, hrp string) (types.PubKey, string, error) {
publicKey, addr, err := device.GetAddressPubKeySECP256K1(path.DerivationPath(), hrp)
if err != nil {
return nil, "", fmt.Errorf("%w: address rejected for path %s", err, path.String())
// Check special case if user is trying to use an index > 100
if path.AddressIndex > 100 {
return nil, "", fmt.Errorf("%w: cannot derive paths where index > 100: %s "+
"This is a security measure to avoid very hard to find derivation paths introduced by a possible attacker. "+
"You can disable this by setting expert mode in your ledger device. Do this at your own risk", err, path)
}
return nil, "", fmt.Errorf("%w: address rejected for path %s", err, path)
}
// re-serialize in the 33-byte compressed format
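Review bot: The new `path.AddressIndex > 100` branch sits inside `if err != nil` and never inspects `err`, so any failure of `GetAddressPubKeySECP256K1` on a high index (presumably including a user declining the prompt or a transport error) is reported as the index limit, with advice to enable expert mode. Because that text points users at switching off a device-side safeguard, it should read as a possible cause rather than the diagnosis, e.g. `"%w: address rejected for path %s (indexes > 100 are refused unless expert mode is enabled on the device)"`. The literal `100` would also be clearer as a named constant with a comment on where the limit comes from, and the current message runs `%s ` straight into "This is a security measure" with no separator after the path. The body of getPubKeyAddrSafe continues past the end of the hunk.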