Description

The BeginBlock function in module.go contains an inappropriate usage of make and append when initializing a slice. In the following snippet, the indexes slice is preallocated with a specific size, but elements are added using append instead of directly filling each position. This results in default empty strings occupying the [0...len(encryptedTxs.EncryptedTx)] range, with the actual data appended after these default values.

func (am AppModule) BeginBlock(cctx context.Context) error {
    ...
    indexes := make([]string, len(encryptedTxs.EncryptedTx))
    for _, v := range encryptedTxs.EncryptedTx {
        indexes = append(indexes, strconv.FormatUint(v.Index, 10))
    }
    ctx.EventManager().EmitEvent(
        sdk.NewEvent(types.EncryptedTxDiscardedEventType,
            sdk.NewAttribute(types.EncryptedTxDiscardedEventTxIDs, strings.Join(indexes, ",")),
            sdk.NewAttribute(types.EncryptedTxDiscardedEventHeight, strconv.FormatUint(h, 10)),
        ),
    )
}

Impact

This incorrect population could result in data inconsistencies, especially when indexes is used in EmitEvent. Consequently, the EncryptedTxDiscardedEventTxIDs event attribute may contain unintended default values, potentially causing issues for off-chain services monitoring these events. Such services may misinterpret the event data, leading to inaccurate indexing, processing errors, or incorrect reporting on discarded transactions.

Recommendations

We recommend populating the slice directly instead of using append. For example,

for i, v := range encryptedTxs.EncryptedTx {
    indexes[i] = strconv.FormatUint(v.Index, 10)
}

Alternatively, initialize an empty slice without a preallocated size:

indexes := make([]string, 0)
// or simply
indexes := []string{}

Remediation

This issue has been acknowledged by Fairblock Inc., and a fix was implemented in commit 5b830510↗.