From d7bdbd7488644f0aaeee5cdcdc119c863f199f72 Mon Sep 17 00:00:00 2001
From: Daniel Choi <13338103+araskachoi@users.noreply.github.com>
Date: Fri, 8 Jan 2021 17:44:50 -0800
Subject: [PATCH] Fix nonce issue for replay attack (#692)

* fix nonce issue for replay attack

* fix lint

* add to changelog
---
 CHANGELOG.md              | 2 ++
 app/ante/eth.go           | 2 +-
 rpc/namespaces/eth/api.go | 14 +++++++-------
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index eefabf28..263afeda 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -44,6 +44,8 @@ Ref: https://keepachangelog.com/en/1.0.0/
 ### Bug Fixes
+* (evm) [\#687](https://github.com/cosmos/ethermint/issues/687) Fix nonce check to explicitly check for the correct nonce, rather than a simple 'greater than' comparison.
+* (api) [\#687](https://github.com/cosmos/ethermint/issues/687) Returns error for a transaction with an incorrect nonce.
 * (evm) [\#674](https://github.com/cosmos/ethermint/issues/674) Reset all cache after account data has been committed in `EndBlock` to make sure every node state consistent.
 * (evm) [\#672](https://github.com/cosmos/ethermint/issues/672) Fix panic of `wrong Block.Header.AppHash` when restart a node with snapshot.
diff --git a/app/ante/eth.go b/app/ante/eth.go
index 6f4f6a1e..b367f0bb 100644
--- a/app/ante/eth.go
+++ b/app/ante/eth.go
@@ -257,7 +257,7 @@ func (nvd NonceVerificationDecorator) AnteHandle(ctx sdk.Context, tx sdk.Tx, sim
 	// if multiple transactions are submitted in succession with increasing nonces,
 	// all will be rejected except the first, since the first needs to be included in a block
 	// before the sequence increments
-	if msgEthTx.Data.AccountNonce < seq {
+	if msgEthTx.Data.AccountNonce != seq {
 		return ctx, sdkerrors.Wrapf(
 			sdkerrors.ErrInvalidSequence,
 			"invalid nonce; got %d, expected %d", msgEthTx.Data.AccountNonce, seq,
diff --git a/rpc/namespaces/eth/api.go b/rpc/namespaces/eth/api.go
index fb7ff5d5..69baf413 100644
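Review bot: The three comment lines directly above the changed condition in app/ante/eth.go still read as a rationale for the old `<` comparison — they describe successive transactions being rejected as a side effect rather than stating the rule the new `!=` enforces — so a reader of the new code cannot tell that exact-match is deliberate. I would replace them with `// the tx nonce must equal the account sequence exactly; a nonce ahead of the sequence is rejected here rather than admitted for later inclusion (#687)`. The `sim` parameter is visible in the signature but its use is not in the hunk; if this decorator also runs for simulated calls that carry a caller-chosen nonce, those now fail here with ErrInvalidSequence, which is worth confirming against the RPC side. AnteHandle begins and ends outside the hunk.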
--- a/rpc/namespaces/eth/api.go
+++ b/rpc/namespaces/eth/api.go
@@ -1000,16 +1000,16 @@ func (api *PublicEthereumAPI) generateFromArgs(args rpctypes.SendTxArgs) (*evmty
 		gasPrice = big.NewInt(ethermint.DefaultGasPrice)
 	}
-	if args.Nonce == nil {
-		// get the nonce from the account retriever and the pending transactions
-		nonce, err = api.accountNonce(api.clientCtx, args.From, true)
-	} else {
-		nonce = (uint64)(*args.Nonce)
-	}
-
+	// get the nonce from the account retriever and the pending transactions
+	nonce, err = api.accountNonce(api.clientCtx, args.From, true)
 	if err != nil {
 		return nil, err
 	}
+	if args.Nonce != nil {
+		if nonce != (uint64)(*args.Nonce) {
+			return nil, fmt.Errorf(fmt.Sprintf("invalid nonce; got %d, expected %d", (uint64)(*args.Nonce), nonce))
+		}
+	}
 	if args.Data != nil && args.Input != nil && !bytes.Equal(*args.Data, *args.Input) {
 		return nil, errors.New("both 'data' and 'input' are set and not equal. Please use 'input' to pass transaction call data")
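Review bot: `fmt.Errorf(fmt.Sprintf(...))` in the new nonce check passes a non-constant string as the format, which `go vet`'s printf check flags and which would misformat if a rendered value ever contained `%`; `fmt.Errorf` already formats, so the wrapping `Sprintf` should go. The nested `if` pair can also be a single guard: `if args.Nonce != nil && nonce != uint64(*args.Nonce) {` / `return nil, fmt.Errorf("invalid nonce; got %d, expected %d", uint64(*args.Nonce), nonce)` / `}`. Note that the value compared against comes from `api.accountNonce(..., true)`, which per its own comment includes pending transactions, while the ante-handler check in app/ante/eth.go in this same patch compares against the committed account sequence; if those two numbers differ for a second in-flight transaction, the RPC will accept a nonce the ante handler then rejects, so it is worth confirming the two checks agree. generateFromArgs starts and ends outside the hunk.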