diff --git a/CHANGELOG.md b/CHANGELOG.md index 1c0abab412..a4381053bd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -45,6 +45,7 @@ BREAKING CHANGES * [lcd] Switch key creation output to return bech32 * [x/stake] store-value for delegation, validator, ubd, and red do not hold duplicate information contained store-key * [gaiad] genesis transactions now use bech32 addresses / pubkeys +* [lcd] Removed shorthand CLI flags (`a`, `c`, `n`, `o`) * [types] Renamed `sdk.Address` to `sdk.AccAddress`/`sdk.ValAddress` * [types] `sdk.AccAddress`/`sdk.ValAddress` natively marshals to Bech32 in String, Sprintf (when used with `%s`), and MarshalJSON diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..4eddc8c4fb --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,29 @@ +# Security + +As part of our [Coordinated Vulnerability Disclosure +Policy](https://tendermint.com/security), we operate a bug bounty. +See the policy for more details on submissions and rewards. + +The following is a list of examples of the kinds of bugs we're most interested in for +the Cosmos SDK. See [here](https://github.com/tendermint/tendermint/blob/master/SECURITY.md) for vulnerabilities we are interested in for Tendermint, and lower-level libraries, e.g. IAVL. + +## Modules +- x/staking +- x/slashing +- x/types +- x/gov + +We are interested in bugs in other modules, however the above are most likely to have +significant vulnerabilities, due to the complexity / nuance involved + +## How we process Tx parameters +- Integer operations on tx parameters, especially sdk.Int / sdk.Uint +- Gas calculation & parameter choices +- Tx signature verification (code in x/auth/ante.go) +- Possible Node DoS vectors. (Perhaps due to Gas weighting / non constant timing) + +## Handling private keys +- HD key derivation, local and Ledger, and all key-management functionality +- Side-channel attack vectors with our implementations + - e.g. key exfiltration based on time or memory-access patterns when decrypting privkey + diff --git a/client/lcd/root.go b/client/lcd/root.go index 5c427546a5..7406a30568 100644 --- a/client/lcd/root.go +++ b/client/lcd/root.go @@ -4,14 +4,6 @@ import ( "net/http" "os" - "github.com/gorilla/mux" - "github.com/spf13/cobra" - "github.com/spf13/viper" - "github.com/tendermint/tendermint/libs/log" - - cmn "github.com/tendermint/tendermint/libs/common" - tmserver "github.com/tendermint/tendermint/rpc/lib/server" - client "github.com/cosmos/cosmos-sdk/client" "github.com/cosmos/cosmos-sdk/client/context" keys "github.com/cosmos/cosmos-sdk/client/keys" @@ -24,6 +16,12 @@ import ( ibc "github.com/cosmos/cosmos-sdk/x/ibc/client/rest" slashing "github.com/cosmos/cosmos-sdk/x/slashing/client/rest" stake "github.com/cosmos/cosmos-sdk/x/stake/client/rest" + "github.com/gorilla/mux" + "github.com/spf13/cobra" + "github.com/spf13/viper" + cmn "github.com/tendermint/tendermint/libs/common" + "github.com/tendermint/tendermint/libs/log" + tmserver "github.com/tendermint/tendermint/rpc/lib/server" ) // ServeCommand will generate a long-running rest server @@ -40,28 +38,35 @@ func ServeCommand(cdc *wire.Codec) *cobra.Command { RunE: func(cmd *cobra.Command, args []string) error { listenAddr := viper.GetString(flagListenAddr) handler := createHandler(cdc) - logger := log.NewTMLogger(log.NewSyncWriter(os.Stdout)). - With("module", "rest-server") + logger := log.NewTMLogger(log.NewSyncWriter(os.Stdout)).With("module", "rest-server") maxOpen := viper.GetInt(flagMaxOpenConnections) - listener, err := tmserver.StartHTTPServer(listenAddr, handler, logger, tmserver.Config{MaxOpenConnections: maxOpen}) + + listener, err := tmserver.StartHTTPServer( + listenAddr, handler, logger, + tmserver.Config{MaxOpenConnections: maxOpen}, + ) if err != nil { return err } + logger.Info("REST server started") - // Wait forever and cleanup + // wait forever and cleanup cmn.TrapSignal(func() { err := listener.Close() logger.Error("error closing listener", "err", err) }) + return nil }, } - cmd.Flags().StringP(flagListenAddr, "a", "tcp://localhost:1317", "Address for server to listen on") - cmd.Flags().String(flagCORS, "", "Set to domains that can make CORS requests (* for all)") - cmd.Flags().StringP(client.FlagChainID, "c", "", "ID of chain we connect to") - cmd.Flags().StringP(client.FlagNode, "n", "tcp://localhost:26657", "Node to connect to") - cmd.Flags().IntP(flagMaxOpenConnections, "o", 1000, "Maximum open connections") + + cmd.Flags().String(flagListenAddr, "tcp://localhost:1317", "The address for the server to listen on") + cmd.Flags().String(flagCORS, "", "Set the domains that can make CORS requests (* for all)") + cmd.Flags().String(client.FlagChainID, "", "The chain ID to connect to") + cmd.Flags().String(client.FlagNode, "tcp://localhost:26657", "Address of the node to connect to") + cmd.Flags().Int(flagMaxOpenConnections, 1000, "The number of maximum open connections") + return cmd } @@ -75,9 +80,10 @@ func createHandler(cdc *wire.Codec) http.Handler { ctx := context.NewCoreContextFromViper() - // TODO make more functional? aka r = keys.RegisterRoutes(r) + // TODO: make more functional? aka r = keys.RegisterRoutes(r) r.HandleFunc("/version", CLIVersionRequestHandler).Methods("GET") r.HandleFunc("/node_version", NodeVersionRequestHandler(ctx)).Methods("GET") + keys.RegisterRoutes(r) rpc.RegisterRoutes(ctx, r) tx.RegisterRoutes(ctx, r, cdc) @@ -87,5 +93,6 @@ func createHandler(cdc *wire.Codec) http.Handler { stake.RegisterRoutes(ctx, r, cdc, kb) slashing.RegisterRoutes(ctx, r, cdc, kb) gov.RegisterRoutes(ctx, r, cdc) + return r } diff --git a/store/iavlstore.go b/store/iavlstore.go index 26a0c9ea17..e5d5095728 100644 --- a/store/iavlstore.go +++ b/store/iavlstore.go @@ -16,7 +16,7 @@ import ( const ( defaultIAVLCacheSize = 10000 defaultIAVLNumRecent = 100 - defaultIAVLStoreEvery = 10000 + defaultIAVLStoreEvery = 1 ) // load the iavl store