Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Withdraw Account can be empty #15

Open
ghost opened this issue Jul 31, 2020 · 1 comment
Open

Withdraw Account can be empty #15

ghost opened this issue Jul 31, 2020 · 1 comment
Labels
bug Something isn't working

Comments

@ghost
Copy link

ghost commented Jul 31, 2020

Describe The Bug
In distribution module, delegator's withdraw Account can be empty
when the event like unbonding or redelegation happen, rewarding coins will be burn.

In other words, Adversary can burn coins by a malicious transaction without the signature of coin's creator.

Code Snippets
validateBasic of setWithdrawAccount hasn't be implemented.
malicious transactions with empty withdrawAccount will be preformed normally.

setWithdrawAccount structs look like this

type MsgSetWithdrawAccountIdData struct {
	DelegatorAccountid chainType.AccountID 
	WithdrawAccountid  chainType.AccountID 
}

Input/Output

  1. input command line like this:
    ./build/ktscli tx kudistribution set-withdraw kratos --keyring-backend test --chain-id testing --home ./testing/cli/ --from kratos

  2. output a normally successful response

To Reproduce

  1. found func GetCmdSetWithdrawAddr(cdc *codec.Codec) *cobra.Command { in x/distribution/client/cli.go
    modify cobra.ExactArgs(2) into cobra.ExactArgs(1)
    modify withdrawAccId, err := chainType.NewAccountIDFromStr(args[0]) into
    withdrawAccId, err := chainType.NewAccountIDFromStr("")

2.remake ktscli

3.run command like this ./build/ktscli tx kudistribution set-withdraw kratos --keyring-backend test --chain-id testing --home ./testing/cli/ --from kratos
and we can see the normal response.
image

  1. finally check your withdraw addr with command ./build/ktscli query kudistribution whithdraw-addr kratos
    image

as above, we set the withdrawAddr to empty.

Expected Behavior
kratos need intact ValidateBasic function which be called in the AnteHandler for distribution module

Desktop

  • OS: MacOS catalina 10.15.

Additional Context
the difference between issue#14 to issue#15 is that there wasn't any implementation of ValidateBasic for distribution in issue#15 at all.

Contact Information
[email protected]
@Pisces-Anjou
Copy link
Contributor

Hi

Thanks for your submission.
We have tested the issue you mentioned and did reproduce it.
This is a valid vulnerability. After evaluation, this vulnerability has been graded as P3.
Please pay attention to the announcement and your email to get your rewards.
Thanks for your attention and contribution. Please keep trying and help us improve our chain.

Regards
KuChain Team

@Pisces-Anjou Pisces-Anjou added the bug Something isn't working label Aug 5, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Pisces-Anjou