Category: Coding Mistakes
Panic for messages with no signers
Low Severity
Low Impact
High Likelihood
Description
The ante handler for the authenticator authenticates the first signer for every message in a transaction.

    for msgIndex, msg := range msgs {
        // By default, the first signer is the account
        account, err := utils.GetAccount(msg)
        if err != nil {
            return sdk.Context{}, sdkerrors.Wrap(sdkerrors.ErrUnauthorized, fmt.Sprintf("failed to get account for message %d", msgIndex))
        }
        // ... (rest of the loop body is not shown in this excerpt)
    }

    func GetAccount(msg sdk.Msg) (sdk.AccAddress, error) {
        if len(msg.GetSigners()) == 0 {
            return nil, sdkerrors.Wrap(sdkerrors.ErrUnauthorized, "no signers")
        }
        return msg.GetSigners()[0], nil
    }

It is, however, possible for certain messages to not require any signers. For example, MsgIBCSend does not require any signers.
Impact
The ante handler will panic if any message is executed without a signer.
Recommendations
If messages without a signer are not supported, then add an explicit check to ensure that the message has at least one signer and return an appropriate error if that is not the case.
Remediation
This issue has been acknowledged by Osmosis Labs, and a fix was implemented in commit eb2facfb. Every message now requires exactly one signer.
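
The failure mode from the Impact section and the "exactly one signer" rule from the Remediation, as an added example that is not Osmosis code: indexing the first signer of a message with no signers panics, while an explicit length check turns the same input into an error. `Msg` (with string addresses standing in for `sdk.AccAddress`), `testMsg`, `firstSignerUnchecked`, `requireSingleSigner` and `panics` are hypothetical names, and the messages are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Msg is a hypothetical stand-in for sdk.Msg, reduced to the one method used here.
type Msg interface{ GetSigners() []string }

// testMsg is a constructed message type whose signer list is set directly.
type testMsg struct{ signers []string }

func (m testMsg) GetSigners() []string { return m.signers }

var ErrUnauthorized = errors.New("unauthorized")

// firstSignerUnchecked indexes the signer list without a length check.
// On a message with no signers the index is out of range and the call panics.
func firstSignerUnchecked(msg Msg) string { return msg.GetSigners()[0] }

// requireSingleSigner returns the sole signer of every message, or an error
// naming the first message that does not have exactly one signer.
func requireSingleSigner(msgs []Msg) ([]string, error) {
	accounts := make([]string, 0, len(msgs))
	for i, msg := range msgs {
		signers := msg.GetSigners()
		if len(signers) != 1 {
			return nil, fmt.Errorf("%w: message %d has %d signers, want exactly 1", ErrUnauthorized, i, len(signers))
		}
		accounts = append(accounts, signers[0])
	}
	return accounts, nil
}

// panics reports whether calling f panics.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

func main() {
	msgs := []Msg{testMsg{[]string{"addr1"}}, testMsg{nil}} // constructed input
	fmt.Println("unchecked index panics:", panics(func() { firstSignerUnchecked(msgs[1]) }))
	_, err := requireSingleSigner(msgs)
	fmt.Println("checked:", err)
}
```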