Open ljah8 opened 2 years ago
Comments from our 09/02 sync meeting with @ValarDragon and @sunnya97:
This is a situation where there should not be any panic - it would be enough to only log the error instead of: https://github.com/osmosis-labs/osmosis/blob/f09305e60b5b23fec761ea14446ee33556313e69/x/lockup/keeper/iterator.go#L206
The main task during the Informal Audit of Before Send hook design and implementation was to detect the possible area of impact and to see if there are places that could lead to panicking in modules affected the most.
Artifacts:
Context in which audit took place
BeforeSend hook Facts:
Expectations:
Analysis Summary:
If the smart contract would be written so that some accounts can't send coins but can receive coins, unlocking matured locks in the lockup module would cause the unlockFromIterator function, i.e. the EndBlocker function, to panic.
EndBlocker: https://github.com/osmosis-labs/osmosis/blob/f09305e60b5b23fec761ea14446ee33556313e69/x/lockup/abci.go#L28
unlockFromIterator - unlocks all matured locks and panics if an error occurs: https://github.com/osmosis-labs/osmosis/blob/f09305e60b5b23fec761ea14446ee33556313e69/x/lockup/keeper/iterator.go#L196-L212
unlockMaturedLockInternalLogic - send coins back to owner from lockup module: https://github.com/osmosis-labs/osmosis/blob/f09305e60b5b23fec761ea14446ee33556313e69/x/lockup/keeper/lock.go#L332-L335
Concerns:
Native tokens can be locked in the lockup module which could cause the hook in the SendCoinsFromModuleToAccount function to trigger. If an error is returned, it will panic the lockup module in the unlockFromIterator function.
Facts:
Conclusion: It seems that exists a potential risk in this module for a new feature. Smart contract could be written to cause a panic in the module, so it is necessary to consider how to protect it.