Incorrect code in staking module CompleteUnbonding can cause permanent loss or minting of funds.
#229
That's the bug! 🎉 It actually fixes the test :) Great job @danwt
Congrats, Dan; great work! Really happy for you, as well as for users who won't lose their funds because of this bug :)
I will add, this bug could also cause arbitrary minting of funds into a delegator address. To see this, notice that the bug can cause the following: Suppose [a,b] with
Awesome! The code in our staking hooks is basically copied from the existing operations. Looking forward to figuring out how this crept in when I copied it when I get back
@danwt Can we close this issue?
This code is wrong
https://github.com/cosmos/cosmos-sdk/blob/c783aea68fbd856c2b188b2d467a7fa5cb4df1e6/x/staking/keeper/delegation.go#L788-L805
because the data the pointer (`entry := &ubd.Entries[i]`) points to is deleted (`ubd.RemoveEntry(int64(i))`) before it is referenced.

Note: this bug can lead to users not getting back all their funds.
Found with diff testing.
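The stale-pointer pattern the issue describes, as an added Go example that is not the SDK's or the project's code: `Entry`, `Unbonding`, `complete` and `newUnbonding` are hypothetical names, the append-based `RemoveEntry` is an assumption of this model, and copying the entry by value is one possible fix rather than the one the maintainers applied.

```go
package main

import "fmt"

// Entry and Unbonding are a simplified, hypothetical model of an unbonding
// delegation's entries; they are not the SDK's types.
type Entry struct {
	Balance int64
	Mature  bool
}

type Unbonding struct{ Entries []Entry }

// RemoveEntry drops entry i by shifting later entries down inside the same
// backing array (append-based removal, assumed for this model).
func (u *Unbonding) RemoveEntry(i int64) {
	u.Entries = append(u.Entries[:i], u.Entries[i+1:]...)
}

// complete pays out every mature entry and returns the total paid.
// byPointer=true keeps a pointer into the slice across RemoveEntry, as in the
// issue; byPointer=false copies the entry before the slice is modified.
func complete(u *Unbonding, byPointer bool) (paid int64) {
	for i := 0; i < len(u.Entries); i++ {
		entry := &u.Entries[i] // pointer into the slice's backing array
		if !byPointer {
			copied := u.Entries[i]
			entry = &copied // snapshot taken before the slice is modified
		}
		if entry.Mature {
			u.RemoveEntry(int64(i))
			i--
			paid += entry.Balance // pointer case: reads whatever now sits in slot i
		}
	}
	return paid
}

// newUnbonding builds constructed sample data in which every entry is mature.
func newUnbonding(balances ...int64) *Unbonding {
	u := &Unbonding{}
	for _, b := range balances {
		u.Entries = append(u.Entries, Entry{Balance: b, Mature: true})
	}
	return u
}

func main() {
	fmt.Println(complete(newUnbonding(10, 25), true), complete(newUnbonding(10, 25), false)) // 50 35
}
```

With entries [10, 25] the pointer variant pays out 50 instead of 35, and with [25, 10] it pays 20: the overpayment and underpayment cases the thread calls minting and loss.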