Petite Fleece Cheetah
Medium
The problem is that the protocol incorrectly handles error registrations.
The errors.go file is located in the x module of the CosmosSDK app so it has to be compatible with the documentation:
https://docs.cosmos.network/v0.50/build/building-modules/errors#registration
Each custom module error must provide the codespace, which is typically the module name (e.g. "distribution") and is unique per module, and a uint32 code. Together, the codespace and code provide a globally unique Cosmos SDK error. Typically, the code is monotonically increasing but does not necessarily have to be. The only restrictions on error codes are the following:
Must be greater than one, as a code value of one is reserved for internal errors.
Must be unique within the module.The current implementation does not follow the rules indicating the abnormal behavior of the system.
No response
No response
No response
Abnormal running of the system.
https://github.com/sherlock-audit/2024-12-babylon/blob/main/babylon/btcstaking/errors.go#L1-10
package btcstaking
import "errors"
var (
ErrInvalidSlashingRate = errors.New("invalid slashing rate")
ErrDustOutputFound = errors.New("transaction contains a dust output")
ErrInsufficientSlashingAmount = errors.New("insufficient slashing amount")
ErrInsufficientChangeAmount = errors.New("insufficient change amount")
)The same issue was reported here in the Allora contest: sherlock-audit/2024-06-allora-judging#82
The issue can be fixed the following way:
import (
sdkerrors "cosmossdk.io/errors"
)
const ModuleName = "btcstaking"
var (
ErrInvalidSlashingRate = sdkerrors.Register(ModuleName, 2, "invalid slashing rate") // ✅ Start from 2
ErrDustOutputFound = sdkerrors.Register(ModuleName, 3, "transaction contains a dust output")
ErrInsufficientSlashingAmount = sdkerrors.Register(ModuleName, 4, "insufficient slashing amount")
ErrInsufficientChangeAmount = sdkerrors.Register(ModuleName, 5, "insufficient change amount")
)