Fix nonce issue for replay attack (#692)

* fix nonce issue for replay attack

* fix lint

* add to changelog
Daniel Choi 2021-01-08 17:44:50 -08:00 committed by GitHub
parent 4a619b1e1b
commit d7bdbd7488
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 8 deletions


@ -44,6 +44,8 @@ Ref: https://keepachangelog.com/en/1.0.0/
### Bug Fixes ### Bug Fixes
* (evm) [\#687](https://github.com/cosmos/ethermint/issues/687) Fix nonce check to explicitly check for the correct nonce, rather than a simple 'greater than' comparison.
* (api) [\#687](https://github.com/cosmos/ethermint/issues/687) Returns error for a transaction with an incorrect nonce.
* (evm) [\#674](https://github.com/cosmos/ethermint/issues/674) Reset all cache after account data has been committed in `EndBlock` to make sure every node state consistent. * (evm) [\#674](https://github.com/cosmos/ethermint/issues/674) Reset all cache after account data has been committed in `EndBlock` to make sure every node state consistent.
* (evm) [\#672](https://github.com/cosmos/ethermint/issues/672) Fix panic of `wrong Block.Header.AppHash` when restart a node with snapshot. * (evm) [\#672](https://github.com/cosmos/ethermint/issues/672) Fix panic of `wrong Block.Header.AppHash` when restart a node with snapshot.


@ -257,7 +257,7 @@ func (nvd NonceVerificationDecorator) AnteHandle(ctx sdk.Context, tx sdk.Tx, sim
// if multiple transactions are submitted in succession with increasing nonces, // if multiple transactions are submitted in succession with increasing nonces,
// all will be rejected except the first, since the first needs to be included in a block // all will be rejected except the first, since the first needs to be included in a block
// before the sequence increments // before the sequence increments
if msgEthTx.Data.AccountNonce < seq { if msgEthTx.Data.AccountNonce != seq {
return ctx, sdkerrors.Wrapf( return ctx, sdkerrors.Wrapf(
sdkerrors.ErrInvalidSequence, sdkerrors.ErrInvalidSequence,
"invalid nonce; got %d, expected %d", msgEthTx.Data.AccountNonce, seq, "invalid nonce; got %d, expected %d", msgEthTx.Data.AccountNonce, seq,
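Review bot: The comment above the changed `!=` comparison explains why later nonces in a burst are rejected, but not why a nonce above `seq` has to be rejected at all, which is the security reason for this change. Judging by the commit title, the old `<` check presumably let a transaction with a higher nonce pass again after the sequence advanced, so I would add above the `if` something like `// nonce must equal seq exactly: a higher nonce would still pass after the sequence increments, letting the same signed tx be replayed`. None of the three changed sections appears to be a test file, so a regression test that sends a nonce of `seq+1` and expects `ErrInvalidSequence` would pin the fix. AnteHandle starts and ends outside this hunk.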


@ -1000,16 +1000,16 @@ func (api *PublicEthereumAPI) generateFromArgs(args rpctypes.SendTxArgs) (*evmty
gasPrice = big.NewInt(ethermint.DefaultGasPrice) gasPrice = big.NewInt(ethermint.DefaultGasPrice)
} }
if args.Nonce == nil {
// get the nonce from the account retriever and the pending transactions // get the nonce from the account retriever and the pending transactions
nonce, err = api.accountNonce(api.clientCtx, args.From, true) nonce, err = api.accountNonce(api.clientCtx, args.From, true)
} else {
nonce = (uint64)(*args.Nonce)
}
if err != nil { if err != nil {
return nil, err return nil, err
} }
if args.Nonce != nil {
if nonce != (uint64)(*args.Nonce) {
return nil, fmt.Errorf(fmt.Sprintf("invalid nonce; got %d, expected %d", (uint64)(*args.Nonce), nonce))
}
}
if args.Data != nil && args.Input != nil && !bytes.Equal(*args.Data, *args.Input) { if args.Data != nil && args.Input != nil && !bytes.Equal(*args.Data, *args.Input) {
return nil, errors.New("both 'data' and 'input' are set and not equal. Please use 'input' to pass transaction call data") return nil, errors.New("both 'data' and 'input' are set and not equal. Please use 'input' to pass transaction call data")
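Review bot: The new nonce-mismatch return wraps `fmt.Sprintf` inside `fmt.Errorf`, so the already formatted message is interpreted a second time as a format string. It is harmless while only integers are interpolated, but linters and newer `go vet` releases typically flag a non-constant format string, and it turns into a real bug once a string argument is added. The two nested `if`s can collapse into one guard, `if args.Nonce != nil && nonce != uint64(*args.Nonce) {`, returning `fmt.Errorf("invalid nonce; got %d, expected %d", uint64(*args.Nonce), nonce)`. Since `accountNonce` is called with `true`, which per the comment includes pending transactions, this is a convenience check against a pending-inclusive value, and the ante handler presumably remains the enforcement point; a one-line comment saying so would stop readers from treating the RPC check as the replay protection. generateFromArgs starts and ends outside this hunk.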