Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Osmosis Authentication Abstraction>Low findings>Panic for messages with no signers
GeneralOverview
Findings
Critical (2)
High (2)
Medium (2)
Low (3)Incorrect error checkPanic for zero signersFee payer authentication
Informational (1)
DiscussionSignature authenticator excessive gas
Threat ModelWhat are threat models?authenticatorauthz
Audit ResultsSummary
AppendixAppendixPOC signature authenticator authentication bypassPOC for bypass fee payer authentication
Category: Coding Mistakes

Panic for messages with no signers

Low Severity
Low Impact
High Likelihood

Description

The ante handler for the authenticator authenticates the first signer for every message in a transaction. 

for msgIndex, msg := range msgs {
	// By default, the first signer is the account
	account, err := utils.GetAccount(msg)
	if err != nil {
		return sdk.Context{}, sdkerrors.Wrap(sdkerrors.ErrUnauthorized, fmt.Sprintf("failed to get account for message %d", msgIndex))
	}
func GetAccount(msg sdk.Msg) (sdk.AccAddress, error) {
	if len(msg.GetSigners()) == 0 {
		return nil, sdkerrors.Wrap(sdkerrors.ErrUnauthorized, "no signers")
	}
	return msg.GetSigners()[0], nil
}

It is, however, possible for certain messages to not require any signers. For example, MsgIBCSend does not require any signers.

Impact

The ante handler will panic if any message is executed without a signer.

Recommendations

If messages without a signer are not supported, then add an explicit check to ensure that the message has at least one signer and return an appropriate error if that is not the case.

Remediation

This issue has been acknowledged by Osmosis Labs, and a fix was implemented in commit eb2facfb. Every message now requires exactly one signer.

Zellic © 2025Back to top ↑