fix(drive): handle malicious quorum_type without panicking#3288
Conversation
Add a test that demonstrates a security finding: `verify_tenderdash_proof` uses `.expect()` on `quorum_type.try_into()` where `quorum_type` is a `u32` from an untrusted gRPC response. Any value > 255 (e.g. `u32::MAX`) causes the client to panic instead of returning an error. A malicious node can exploit this to crash any SDK client by serving a proof response with an out-of-range `quorum_type` value. The test uses `#[should_panic]` to prove the bug exists. Once fixed, the test should be updated to assert `Err` is returned instead. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…sted quorum_type Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Codecov Report

✅ All modified and coverable lines are covered by tests.

Additional details and impacted files

@@            Coverage Diff             @@
##           v3.1-dev    #3288      +/-   ##
============================================
- Coverage     70.42%   68.28%   -2.15%
============================================
  Files          3293     3293
  Lines        262598   262598
============================================
- Hits         184935   179314   -5621
- Misses        77663    83284   +5621
Summary
- `quorum_type` in proof responses
- `expect()` on untrusted input with proper error propagation

Issue

`verify_tenderdash_proof` used `.expect()` on the result of `quorum_type.try_into()`, where `quorum_type` is a `u32` from an untrusted gRPC response. Any node could crash any client by serving `quorum_type = u32::MAX`.

Test plan
🤖 Generated with Claude Code
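The pattern described in the commit message and in the Issue section above, shown as an added example that is not code from this PR or from the Dash Platform repository: a `u32` field taken straight from a response is narrowed to `u8` with `.expect()`, so any value above 255 panics the client, beside a version that turns both the range failure and an unrecognised value into a `Result`. The `QuorumType` variants, their numeric values, the `ProofResponse` struct and the `ProofError` enum are assumptions made for this example, not the project's real types.

```rust
// Added example (not the project's code): the panic-on-untrusted-input pattern
// the PR removes, beside a version that propagates an error instead.
use std::convert::TryFrom;
use std::fmt;

/// Quorum (LLMQ) type identifiers. These variants and numeric values are
/// illustrative assumptions for the example, not the project's real list.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum QuorumType {
    Llmq50of60 = 1,
    Llmq400of60 = 2,
    Llmq100of67 = 4,
}

/// Errors a verifier returns instead of panicking (assumed error type).
#[derive(Debug, PartialEq, Eq)]
pub enum ProofError {
    /// The wire value does not even fit the u8 the quorum type is encoded as.
    QuorumTypeOutOfRange(u32),
    /// The value fits in a u8 but names no quorum type we know.
    UnknownQuorumType(u8),
}

impl fmt::Display for ProofError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            ProofError::QuorumTypeOutOfRange(v) => {
                write!(f, "quorum_type {} does not fit in a u8", v)
            }
            ProofError::UnknownQuorumType(v) => {
                write!(f, "quorum_type {} is not a known LLMQ type", v)
            }
        }
    }
}

impl std::error::Error for ProofError {}

impl TryFrom<u8> for QuorumType {
    type Error = ProofError;
    fn try_from(v: u8) -> Result<Self, Self::Error> {
        match v {
            1 => Ok(QuorumType::Llmq50of60),
            2 => Ok(QuorumType::Llmq400of60),
            4 => Ok(QuorumType::Llmq100of67),
            other => Err(ProofError::UnknownQuorumType(other)),
        }
    }
}

/// Minimal stand-in for the proof part of a gRPC response (assumed shape):
/// `quorum_type` is a u32 on the wire and is entirely controlled by the node
/// that answered, so it must be treated as hostile input.
#[derive(Debug, Clone)]
pub struct ProofResponse {
    pub quorum_type: u32,
}

/// "Before": `u8::try_from` fails for any value above 255 and `.expect()`
/// turns that failure into a panic, so a single malicious response aborts
/// the client thread.
pub fn quorum_type_panicking(proof: &ProofResponse) -> QuorumType {
    let raw: u8 = u8::try_from(proof.quorum_type).expect("quorum type out of range");
    QuorumType::try_from(raw).expect("unknown quorum type")
}

/// "After": both narrowing steps are `Result`s, so the caller gets a
/// `ProofError` it can log or reject and the client keeps running.
pub fn quorum_type_checked(proof: &ProofResponse) -> Result<QuorumType, ProofError> {
    let raw = u8::try_from(proof.quorum_type)
        .map_err(|_| ProofError::QuorumTypeOutOfRange(proof.quorum_type))?;
    QuorumType::try_from(raw)
}

fn main() {
    // Constructed inputs: one honest value and the u32::MAX value from the report.
    let honest = ProofResponse { quorum_type: 1 };
    let hostile = ProofResponse { quorum_type: u32::MAX };

    println!("checked, honest:  {:?}", quorum_type_checked(&honest));
    println!("checked, hostile: {:?}", quorum_type_checked(&hostile));

    // The old code unwinds instead of returning; catch_unwind makes that visible.
    let panicked = std::panic::catch_unwind(|| quorum_type_panicking(&hostile)).is_err();
    println!("panicking version panicked on u32::MAX: {}", panicked);
}
```

Two checks are deliberately separate in `quorum_type_checked`: the range check catches values that cannot be a `u8` at all (the crash in this report), and the `TryFrom<u8>` catches values that fit in a byte but are not a quorum type the client recognises, which an `.expect()` on `try_into()` alone would also have turned into a panic.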