fix: audit fixes #1672

Merged
merged 10 commits into from
Sep 25, 2024

@oren-lava (Collaborator) commented Sep 4, 2024

Description

Closes: #XXXX

In this PR I fixed a few issues that came up during an audit of the consensus code.

  1. Added a warning comment on proper use of DetectionIndex()

  2. Added safety checks to avoid potential nil dereference in the node's code. The potential nil dereference issues were found by Uber's nilaway tool (link).
    nilaway's original reports are attached. Note, I did not fix potential errors in test code.

  3. Removed the pairing query cache.


nilaway_reports.zip

Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

  • read the contribution guide
  • included the correct type prefix in the PR title, you can find examples of the prefixes below:
  • confirmed ! in the type prefix if API or client breaking change
  • targeted the main branch
  • provided a link to the relevant issue or specification
  • reviewed "Files changed" and left comments if necessary
  • included the necessary unit and integration tests
  • updated the relevant documentation or specification, including comments for documenting Go code
  • confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

  • confirmed the correct type prefix in the PR title
  • confirmed all author checklist items have been addressed
  • reviewed state machine logic, API design and naming, documentation is accurate, tests and test coverage


github-actions bot commented Sep 4, 2024

Test Results

2 204 tests   - 1   2 204 ✅  - 1   24m 22s ⏱️ - 1m 0s
  145 suites ±0       0 💤 ±0 
    7 files   ±0       0 ❌ ±0 

Results for commit 9218823. ± Comparison against base commit 6278d1a.

This pull request removes 1 test.
github.com/lavanet/lava/v3/x/pairing/keeper ‑ TestPairingQueryCache

♻️ This comment has been updated with latest results.

@oren-lava oren-lava marked this pull request as ready for review September 4, 2024 15:08
@pull-request-size pull-request-size bot added size/M and removed size/L labels Sep 10, 2024
@pull-request-size pull-request-size bot added size/L and removed size/M labels Sep 10, 2024
Yaroms previously approved these changes Sep 16, 2024
omerlavanet previously approved these changes Sep 16, 2024
x/conflict/keeper/msg_server_detection.go Outdated (resolved)
@omerlavanet omerlavanet merged commit a5206e7 into main Sep 25, 2024
31 checks passed
@omerlavanet omerlavanet deleted the CNS-audit-fixes branch September 25, 2024 11:27