GEO-01 | Missing Genesis States in `x/oracle`

[Brando753]

Affected Files: genesis.go L13 and L36.

Description

In the x/oracle/genesis.go, the ExportGenesis() function exports the adminAccount, whiteList and prophecies data which stored in the oracle keeper. These data can be imported through the InitGenesis() function when upgrading the chain to ensure that the data will not be lost. The auditor believes that the following data should also be exported in the ExportGenesis() function.

1. The function exports all prophecies, but does not export prophecyInfo, it includes detailed transaction data such as signatures, transaction amount and so on. The auditor believe that both basic and detailed data for the prophecy should be exported.
2. The withnessLockBurnNonce of the validator is very important. It represents the last transaction sequence executed by the validator, ensuring the orderliness of the cosmos chain transactions and preventing the repeated execution of transactions. It needs to be in sync with the globalNonce in the ethbridge module. If the ethBridge module is upgraded and initialized, the oracle module also needs to be initialized to ensure that the verification node's withnessLockBurnNonce and the ethbridge module's globalNonce are kept in sync.

Recommendation

Recommend exporting the data proposed above in ExportGenesis() function and importing them in InitGenesis() function.

[Brando753]

This issue expands upon and obsoletes private issues repo #2119.

[juniuszhou]

close it after #3160 merged.