Slice append issue
Description
The BeginBlock
function in module.go contains an inappropriate usage of make and append when initializing a slice. In the following snippet, the indexes
slice is preallocated with a specific size, but elements are added using append instead of directly filling each position. This results in default empty strings occupying the [0...len(encryptedTxs.EncryptedTx)]
range, with the actual data appended after these default values.
func (am AppModule) BeginBlock(cctx context.Context) error {
...
indexes := make([]string, len(encryptedTxs.EncryptedTx))
for _, v := range encryptedTxs.EncryptedTx {
indexes = append(indexes, strconv.FormatUint(v.Index, 10))
}
ctx.EventManager().EmitEvent(
sdk.NewEvent(types.EncryptedTxDiscardedEventType,
sdk.NewAttribute(types.EncryptedTxDiscardedEventTxIDs, strings.Join(indexes, ",")),
sdk.NewAttribute(types.EncryptedTxDiscardedEventHeight, strconv.FormatUint(h, 10)),
),
)
}
Impact
This incorrect population could result in data inconsistencies, especially when indexes
is used in EmitEvent
. Consequently, the EncryptedTxDiscardedEventTxIDs
event attribute may contain unintended default values, potentially causing issues for off-chain services monitoring these events. Such services may misinterpret the event data, leading to inaccurate indexing, processing errors, or incorrect reporting on discarded transactions.
Recommendations
We recommend populating the slice directly instead of using append. For example,
for i, v := range encryptedTxs.EncryptedTx {
indexes[i] = strconv.FormatUint(v.Index, 10)
}
Alternatively, initialize an empty slice without a preallocated size:
indexes := make([]string, 0)
// or simply
indexes := []string{}
Remediation
This issue has been acknowledged by Fairblock Inc., and a fix was implemented in commit 5b830510↗.