Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: add x/protocolpool #23933

Draft
wants to merge 54 commits into
base: release/v0.53.x
Choose a base branch
from
Draft

chore: add x/protocolpool #23933

wants to merge 54 commits into from

Conversation

aljo242
Copy link
Collaborator

@aljo242 aljo242 commented Mar 7, 2025
edited
Loading

keeping as a draft

  • add module
  • add proto
  • add to legacy and di applications
  • update readme
  • add legacy amino
  • make compatible with v53

TODO:

  • reintegrate sims
  • get all fixes into x/distr
  • add switchover logic to x/distr

github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 7, 2025
View reviewed changes
Copy link

@github-advanced-security github-advanced-security bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

gosec found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 7, 2025
View reviewed changes
x/protocolpool/module.go
func (am AppModule) BeginBlock(ctx context.Context) error {
sdkCtx := sdk.UnwrapSDKContext(ctx)

return am.keeper.BeginBlocker(sdkCtx)

Check warning

Code scanning / CodeQL

Panic in BeginBock or EndBlock consensus methods Warning

path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Mar 18, 2025
edited
Loading

⚠️ govulncheck found vulnerabilities:

mkdir -p /home/runner/work/cosmos-sdk/cosmos-sdk/build/
GOBIN=/home/runner/work/cosmos-sdk/cosmos-sdk/build go install golang.org/x/vuln/cmd/govulncheck@latest
go: downloading golang.org/x/vuln v1.1.4
go: downloading golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7
go: downloading golang.org/x/mod v0.22.0
go: downloading golang.org/x/tools v0.29.0
/home/runner/work/cosmos-sdk/cosmos-sdk/build/govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2025-3443
    CometBFT allows a malicious peer to stall the network by disseminating
    seemingly valid block parts in github.com/cometbft/cometbft
  More info: https://pkg.go.dev/vuln/GO-2025-3443
  Module: github.com/cometbft/cometbft
    Found in: github.com/cometbft/[email protected]
    Fixed in: github.com/cometbft/[email protected]
    Example traces found:
      #1: testutil/network/util.go:74:24: network.startInProcess calls service.BaseService.Start, which eventually calls types.Part.ValidateBasic
      #2: testutil/network/util.go:74:24: network.startInProcess calls service.BaseService.Start, which eventually calls types.Part.ValidateBasic
      #3: client/rpc/block.go:56:36: rpc.QueryBlocks calls local.Local.BlockSearch, which eventually calls types.PartFromProto
      #4: client/rpc/block.go:56:36: rpc.QueryBlocks calls local.Local.BlockSearch, which eventually calls types.PartFromProto

Your code is affected by 1 vulnerability from 1 module.
This scan also found 0 vulnerabilities in packages you import and 2
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.
make: *** [Makefile:155: vulncheck] Error 3

@github-actions GitHub Actions
Copy link
Contributor 

    ⚠️ **govulncheck found vulnerabilities:**


    >mkdir -p /home/runner/work/cosmos-sdk/cosmos-sdk/build/

GOBIN=/home/runner/work/cosmos-sdk/cosmos-sdk/build go install golang.org/x/vuln/cmd/govulncheck@latest
go: downloading golang.org/x/vuln v1.1.4
go: downloading golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7
go: downloading golang.org/x/mod v0.22.0
go: downloading golang.org/x/tools v0.29.0
/home/runner/work/cosmos-sdk/cosmos-sdk/build/govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2025-3443
CometBFT allows a malicious peer to stall the network by disseminating
seemingly valid block parts in github.com/cometbft/cometbft
More info: https://pkg.go.dev/vuln/GO-2025-3443
Module: github.com/cometbft/cometbft
Found in: github.com/cometbft/[email protected]
Fixed in: github.com/cometbft/[email protected]
Example traces found:
#1: testutil/network/util.go:74:24: network.startInProcess calls service.BaseService.Start, which eventually calls types.Part.ValidateBasic
#2: testutil/network/util.go:74:24: network.startInProcess calls service.BaseService.Start, which eventually calls types.Part.ValidateBasic
#3: client/rpc/block.go:56:36: rpc.QueryBlocks calls local.Local.BlockSearch, which eventually calls types.PartFromProto
#4: client/rpc/block.go:56:36: rpc.QueryBlocks calls local.Local.BlockSearch, which eventually calls types.PartFromProto

Your code is affected by 1 vulnerability from 1 module.
This scan also found 0 vulnerabilities in packages you import and 2
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.
make: *** [Makefile:155: vulncheck] Error 3

@github-actions GitHub Actions
Copy link
Contributor 

    ⚠️ **govulncheck found vulnerabilities:**


    >mkdir -p /home/runner/work/cosmos-sdk/cosmos-sdk/build/

GOBIN=/home/runner/work/cosmos-sdk/cosmos-sdk/build go install golang.org/x/vuln/cmd/govulncheck@latest
go: downloading golang.org/x/vuln v1.1.4
go: downloading golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7
go: downloading golang.org/x/mod v0.22.0
go: downloading golang.org/x/tools v0.29.0
/home/runner/work/cosmos-sdk/cosmos-sdk/build/govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2025-3443
CometBFT allows a malicious peer to stall the network by disseminating
seemingly valid block parts in github.com/cometbft/cometbft
More info: https://pkg.go.dev/vuln/GO-2025-3443
Module: github.com/cometbft/cometbft
Found in: github.com/cometbft/[email protected]
Fixed in: github.com/cometbft/[email protected]
Example traces found:
#1: testutil/network/util.go:74:24: network.startInProcess calls service.BaseService.Start, which eventually calls types.Part.ValidateBasic
#2: testutil/network/util.go:74:24: network.startInProcess calls service.BaseService.Start, which eventually calls types.Part.ValidateBasic
#3: client/rpc/block.go:56:36: rpc.QueryBlocks calls local.Local.BlockSearch, which eventually calls types.PartFromProto
#4: client/rpc/block.go:56:36: rpc.QueryBlocks calls local.Local.BlockSearch, which eventually calls types.PartFromProto

Your code is affected by 1 vulnerability from 1 module.
This scan also found 0 vulnerabilities in packages you import and 2
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.
make: *** [Makefile:155: vulncheck] Error 3

@github-actions GitHub Actions
Copy link
Contributor 

    ⚠️ **govulncheck found vulnerabilities:**


    >mkdir -p /home/runner/work/cosmos-sdk/cosmos-sdk/build/

GOBIN=/home/runner/work/cosmos-sdk/cosmos-sdk/build go install golang.org/x/vuln/cmd/govulncheck@latest
go: downloading golang.org/x/vuln v1.1.4
go: downloading golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7
go: downloading golang.org/x/mod v0.22.0
go: downloading golang.org/x/tools v0.29.0
/home/runner/work/cosmos-sdk/cosmos-sdk/build/govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2025-3443
CometBFT allows a malicious peer to stall the network by disseminating
seemingly valid block parts in github.com/cometbft/cometbft
More info: https://pkg.go.dev/vuln/GO-2025-3443
Module: github.com/cometbft/cometbft
Found in: github.com/cometbft/[email protected]
Fixed in: github.com/cometbft/[email protected]
Example traces found:
#1: testutil/network/util.go:74:24: network.startInProcess calls service.BaseService.Start, which eventually calls types.Part.ValidateBasic
#2: testutil/network/util.go:74:24: network.startInProcess calls service.BaseService.Start, which eventually calls types.Part.ValidateBasic
#3: client/rpc/block.go:56:36: rpc.QueryBlocks calls local.Local.BlockSearch, which eventually calls types.PartFromProto
#4: client/rpc/block.go:56:36: rpc.QueryBlocks calls local.Local.BlockSearch, which eventually calls types.PartFromProto

Your code is affected by 1 vulnerability from 1 module.
This scan also found 0 vulnerabilities in packages you import and 2
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.
make: *** [Makefile:155: vulncheck] Error 3

@github-actions GitHub Actions
Copy link
Contributor 

    ⚠️ **govulncheck found vulnerabilities:**


    >mkdir -p /home/runner/work/cosmos-sdk/cosmos-sdk/build/

GOBIN=/home/runner/work/cosmos-sdk/cosmos-sdk/build go install golang.org/x/vuln/cmd/govulncheck@latest
go: downloading golang.org/x/vuln v1.1.4
go: downloading golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7
go: downloading golang.org/x/mod v0.22.0
go: downloading golang.org/x/tools v0.29.0
/home/runner/work/cosmos-sdk/cosmos-sdk/build/govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2025-3443
CometBFT allows a malicious peer to stall the network by disseminating
seemingly valid block parts in github.com/cometbft/cometbft
More info: https://pkg.go.dev/vuln/GO-2025-3443
Module: github.com/cometbft/cometbft
Found in: github.com/cometbft/[email protected]
Fixed in: github.com/cometbft/[email protected]
Example traces found:
#1: testutil/network/util.go:74:24: network.startInProcess calls service.BaseService.Start, which eventually calls types.Part.ValidateBasic
#2: testutil/network/util.go:74:24: network.startInProcess calls service.BaseService.Start, which eventually calls types.Part.ValidateBasic
#3: client/rpc/block.go:56:36: rpc.QueryBlocks calls local.Local.BlockSearch, which eventually calls types.PartFromProto
#4: client/rpc/block.go:56:36: rpc.QueryBlocks calls local.Local.BlockSearch, which eventually calls types.PartFromProto

Your code is affected by 1 vulnerability from 1 module.
This scan also found 0 vulnerabilities in packages you import and 2
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.
make: *** [Makefile:155: vulncheck] Error 3

@github-actions GitHub Actions
Copy link
Contributor 

    ⚠️ **govulncheck found vulnerabilities:**


    >mkdir -p /home/runner/work/cosmos-sdk/cosmos-sdk/build/

GOBIN=/home/runner/work/cosmos-sdk/cosmos-sdk/build go install golang.org/x/vuln/cmd/govulncheck@latest
go: downloading golang.org/x/vuln v1.1.4
go: downloading golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7
go: downloading golang.org/x/mod v0.22.0
go: downloading golang.org/x/tools v0.29.0
/home/runner/work/cosmos-sdk/cosmos-sdk/build/govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2025-3443
CometBFT allows a malicious peer to stall the network by disseminating
seemingly valid block parts in github.com/cometbft/cometbft
More info: https://pkg.go.dev/vuln/GO-2025-3443
Module: github.com/cometbft/cometbft
Found in: github.com/cometbft/[email protected]
Fixed in: github.com/cometbft/[email protected]
Example traces found:
#1: testutil/network/util.go:74:24: network.startInProcess calls service.BaseService.Start, which eventually calls types.Part.ValidateBasic
#2: testutil/network/util.go:74:24: network.startInProcess calls service.BaseService.Start, which eventually calls types.Part.ValidateBasic
#3: client/rpc/block.go:56:36: rpc.QueryBlocks calls local.Local.BlockSearch, which eventually calls types.PartFromProto
#4: client/rpc/block.go:56:36: rpc.QueryBlocks calls local.Local.BlockSearch, which eventually calls types.PartFromProto

Your code is affected by 1 vulnerability from 1 module.
This scan also found 0 vulnerabilities in packages you import and 2
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.
make: *** [Makefile:155: vulncheck] Error 3

@github-actions GitHub Actions
Copy link
Contributor 

    ⚠️ **govulncheck found vulnerabilities:**


    >mkdir -p /home/runner/work/cosmos-sdk/cosmos-sdk/build/

GOBIN=/home/runner/work/cosmos-sdk/cosmos-sdk/build go install golang.org/x/vuln/cmd/govulncheck@latest
go: downloading golang.org/x/vuln v1.1.4
go: downloading golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7
go: downloading golang.org/x/mod v0.22.0
go: downloading golang.org/x/tools v0.29.0
/home/runner/work/cosmos-sdk/cosmos-sdk/build/govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2025-3443
CometBFT allows a malicious peer to stall the network by disseminating
seemingly valid block parts in github.com/cometbft/cometbft
More info: https://pkg.go.dev/vuln/GO-2025-3443
Module: github.com/cometbft/cometbft
Found in: github.com/cometbft/[email protected]
Fixed in: github.com/cometbft/[email protected]
Example traces found:
#1: testutil/network/util.go:74:24: network.startInProcess calls service.BaseService.Start, which eventually calls types.Part.ValidateBasic
#2: testutil/network/util.go:74:24: network.startInProcess calls service.BaseService.Start, which eventually calls types.Part.ValidateBasic
#3: client/rpc/block.go:56:36: rpc.QueryBlocks calls local.Local.BlockSearch, which eventually calls types.PartFromProto
#4: client/rpc/block.go:56:36: rpc.QueryBlocks calls local.Local.BlockSearch, which eventually calls types.PartFromProto

Your code is affected by 1 vulnerability from 1 module.
This scan also found 0 vulnerabilities in packages you import and 2
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.
make: *** [Makefile:155: vulncheck] Error 3

@github-actions github-actions bot added the C:x/distribution distribution module related label Mar 20, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 20, 2025
View reviewed changes
x/distribution/abci.go
if err := k.AllocateTokens(ctx, previousTotalPower, ctx.VoteInfos()); err != nil {
return err
}
if err := k.BeginBlocker(ctx); err != nil {

Check warning

Code scanning / CodeQL

Panic in BeginBock or EndBlock consensus methods Warning

path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
x/distribution/keeper/abci.go
// ref https://github.com/cosmos/cosmos-sdk/issues/3095
height := ctx.BlockHeight()
if height > 1 {
if err := k.AllocateTokens(ctx, previousTotalPower, ctx.VoteInfos()); err != nil {

Check warning

Code scanning / CodeQL

Panic in BeginBock or EndBlock consensus methods Warning

path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
x/distribution/keeper/abci.go

// send whole coins from community pool to x/protocolpool if enabled
if k.externalCommunityPoolEnabled() {
if err := k.sendCommunityPoolToExternalPool(ctx); err != nil {

Check warning

Code scanning / CodeQL

Panic in BeginBock or EndBlock consensus methods Warning

path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
x/distribution/keeper/abci.go

// record the proposer for when we pay out on the next block
consAddr := sdk.ConsAddress(ctx.BlockHeader().ProposerAddress)
return k.SetPreviousProposerConsAddr(ctx, consAddr)

Check warning

Code scanning / CodeQL

Panic in BeginBock or EndBlock consensus methods Warning

path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
x/protocolpool/keeper/abci.go
start := telemetry.Now()
defer telemetry.ModuleMeasureSince(types.ModuleName, start, telemetry.MetricKeyBeginBlocker)

return k.SetToDistribute(ctx)

Check warning

Code scanning / CodeQL

Panic in BeginBock or EndBlock consensus methods Warning

path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
path flow from Begin/EndBlock to a panic call
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
C:Simulations C:x/distribution distribution module related C:x/protocolpool Type: Build
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@aljo242