-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SDK should not call address.String() #8332
Comments
cc @ethanfrey I'm not sure if you will need to use the SDK config, but this is a good thing to be aware of. It just cost me another couple hours in debugging the golang relayer |
Thank you. The go relayer definitely needs multi-chain support from the SDK. |
It is just an issue with using the go code, so you should be fine then |
Note that we are planning to deal with this holistically in #7448 which will likely require passing an address config into all keepers as well as |
in the near future we plan on removing the global bech32 which should fix this issue. This has been a pain point for us as well. closing this as the issue has this linked and an updated issue will be opened once we begin the work. |
Summary
A bug surfaced on the relayer which is explained here. Essentially, the
address.String()
function uses the currently set config to add the AccountPrefix. Even if the AccAddress is generated with the correctly set config file, if the AccAddress.String() occurs when the config file has been switched, the resulting AccountPrefix may be incorrect.Here is a simplified flow of what occurred on the relayer:
This appears correct, but what resulted was an address being constructed using the counterparty config file. GetAddress was constructing an
AccAddress
and setting the source config file, butcounterparty.QueryProof
would change the context and set the counterparty config file. Then inNewMsg
,addr.String()
was being called which was using the last set config file.The fix:
This is a very subtle bug. The relayer code is far from perfect, but I can easily see implementations running into this very often and it's incredibly hard to detect since everything looks correct.
.String()
is using external context to produce the stringified value. This is dangerous.I would recommend considering all uses of
addr.String()
as dangerous/risky in this SDK codebase. AllNewMsg...
functions should take in a string instead of anAccAddress
unless they explicitly cannot. In this case, the function must clearly document this potential bug. The.String
function should document this clearly (if it is not already) and recommend that libraries do not use this function.Edit: Here is where
String
relies on the config. It might be true that in block code execution is safe to call.String()
but that client side code is not since the config could be swapped (as in the relayer)A long term refactor to remove this config file dependency would probably be best.
cc: @fedekunze @amaurymartiny @jackzampolin
For Admin Use
The text was updated successfully, but these errors were encountered: