genesis: accounts & txs #303

Merged
merged 10 commits into from
Dec 6, 2024
36 changes: 34 additions & 2 deletions networks/testnets/raspi/genesis.json
Expand Up @@ -25,6 +25,20 @@
"pub_key": null,
"account_number": "0",
"sequence": "0"
},
{
"@type": "/cosmos.auth.v1beta1.BaseAccount",
"address": "eve18p4wl3hss9e9wv264yklyjp700kn8uazvwwxyy",
"pub_key": null,
"account_number": "1",
"sequence": "0"
},
{
"@type": "/cosmos.auth.v1beta1.BaseAccount",
"address": "eve18r27aslqyuk3wsmaqqq9l4lyd6c0dach4y9lxd",
"pub_key": null,
"account_number": "1",
"sequence": "0"
⚠️ Potential issue

Fix duplicate account numbers

Both new accounts are assigned the same account_number "1", which could lead to transaction ordering issues and state conflicts. Each account should have a unique account number.

Suggested fix:

{
  "@type": "/cosmos.auth.v1beta1.BaseAccount",
  "address": "eve18p4wl3hss9e9wv264yklyjp700kn8uazvwwxyy",
  "pub_key": null,
- "account_number": "1",
+ "account_number": "1",
  "sequence": "0"
},
{
  "@type": "/cosmos.auth.v1beta1.BaseAccount",
  "address": "eve18r27aslqyuk3wsmaqqq9l4lyd6c0dach4y9lxd",
  "pub_key": null,
- "account_number": "1",
+ "account_number": "2",
  "sequence": "0"
}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
"@type": "/cosmos.auth.v1beta1.BaseAccount",
"address": "eve18p4wl3hss9e9wv264yklyjp700kn8uazvwwxyy",
"pub_key": null,
"account_number": "1",
"sequence": "0"
},
{
"@type": "/cosmos.auth.v1beta1.BaseAccount",
"address": "eve18r27aslqyuk3wsmaqqq9l4lyd6c0dach4y9lxd",
"pub_key": null,
"account_number": "1",
"sequence": "0"
"@type": "/cosmos.auth.v1beta1.BaseAccount",
"address": "eve18p4wl3hss9e9wv264yklyjp700kn8uazvwwxyy",
"pub_key": null,
"account_number": "1",
"sequence": "0"
},
{
"@type": "/cosmos.auth.v1beta1.BaseAccount",
"address": "eve18r27aslqyuk3wsmaqqq9l4lyd6c0dach4y9lxd",
"pub_key": null,
"account_number": "2",
"sequence": "0"

}
]
},
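Review bot: both `BaseAccount` entries added in this hunk (eve18p4… and eve18r27…) carry `"account_number": "1"`, so two genesis accounts share one number. The existing account above already holds `"0"`; give the two new entries `"1"` and `"2"` so every account number in the array is unique.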
Expand All @@ -37,6 +51,15 @@
"default_send_enabled": true
},
"balances": [
{
"address": "eve18p4wl3hss9e9wv264yklyjp700kn8uazvwwxyy",
"coins": [
{
"denom": "ueve",
"amount": "100000000000000"
}
]
},
{
"address": "eve16hpk4083nxajqhuc3rh9lvxpw6rz8z60ra3sem",
"coins": [
Expand All @@ -45,12 +68,21 @@
"amount": "100000000000000"
}
]
},
{
"address": "eve18r27aslqyuk3wsmaqqq9l4lyd6c0dach4y9lxd",
"coins": [
{
"denom": "ueve",
"amount": "100000000000000"
}
]
}
],
"supply": [
{
"denom": "ueve",
"amount": "100000000000000"
"amount": "300000000000000"
}
],
"denom_metadata": [],
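Review bot: the new `supply` amount of 300000000000000 ueve has to equal the sum of every `ueve` entry in `balances`, and only three entries (eve18p4…, eve16hpk…, eve18r27…, each 100000000000000) are visible in these hunks. They do add up to the new figure, but the rest of the array is outside the diff context, so confirm there are no further `ueve` holders before merging, since a mismatch is rejected at genesis validation.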
Expand Down Expand Up @@ -379,4 +411,4 @@
}
}
}
}
}
@@ -0,0 +1 @@
{"body":{"messages":[{"@type":"/cosmos.staking.v1beta1.MsgCreateValidator","description":{"moniker":"vladimirtrifonov","identity":"","website":"","security_contact":"","details":""},"commission":{"rate":"0.069420000000000000","max_rate":"0.200000000000000000","max_change_rate":"0.010000000000000000"},"min_self_delegation":"1","delegator_address":"","validator_address":"evevaloper18r27aslqyuk3wsmaqqq9l4lyd6c0dach5vet82","pubkey":{"@type":"/cosmos.crypto.ed25519.PubKey","key":"NpFYcaTifPwiYVaUC6xCa9fDCpp2qbc1I2hg7m4PKmo="},"value":{"denom":"ueve","amount":"10000000000000"}}],"memo":"[email protected]:26656","timeout_height":"0","extension_options":[],"non_critical_extension_options":[]},"auth_info":{"signer_infos":[{"public_key":{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"Ato5x5j4N2ZohrVFlhuTMVmnxUdWMqB3STBV3QhOhTgR"},"mode_info":{"single":{"mode":"SIGN_MODE_DIRECT"}},"sequence":"0"}],"fee":{"amount":[],"gas_limit":"200000","payer":"","granter":""},"tip":null},"signatures":["Q+YODL55yAigOjAE1ShBEw0F79yPaeSOKaB9pe5cdXBDHBlSzkr9NjUyrKN+mapX2crXz8WbqkHy1Oisr3O+MA=="]}
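Review bot: nothing on this added line is secret material: the base64 values are `pubkey.key` (the ed25519 consensus public key), the signer's `public_key.key` (secp256k1) and the entry in `signatures`, all of which are meant to be published, so secret-scanner hits on this file should be triaged as false positives rather than acted on. What does need checking in the PR is that no private key file such as `priv_validator_key.json` or `node_key.json` was committed alongside the gentx.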
⚠️ Potential issue

Fix critical configuration issues in validator setup

There are several critical issues in the validator configuration:

  1. The memo contains a private IP address (192.168.0.82) which won't be accessible by other nodes
  2. The delegator_address field is empty, which will cause transaction failure

Please update the configuration with:

  1. A public IP address or DNS name for your validator node
  2. Your delegator address that will be used for the initial delegation
🧰 Tools
🪛 Gitleaks (8.21.2)

1-1: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)


1-1: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🪛 checkov (3.2.312)

[HIGH] 1-2: IBM Cloud IAM Key

(CKV_SECRET_7)


💡 Codebase verification

Based on the gathered information, I can now provide a final response:

The delegation amount is significantly higher than the recommended amount

The gentx amount of 10,000,000,000,000 ueve (10M EVE) is much higher than the recommended amount from the genesis instructions, which specifies using 1,000,000 ueve for self-delegation. Other gentx files show the same high amount, but this appears to be incorrect as:

  • Genesis instructions explicitly state to fund accounts with 1,000,000,000 ueve and use 1,000,000 ueve for self-delegation
  • The total supply shown in genesis is 200,000,000,000,000 ueve, making this delegation amount (10M EVE) too large for a single validator

Please adjust your delegation amount to 1,000,000 ueve as specified in the genesis instructions.

🔗 Analysis chain

Verify the delegation amount against network parameters

The delegation amount of 10,000,000,000,000 ueve needs verification against network parameters to ensure it doesn't exceed maximum allowed stake or total supply.


Let me gather more information about the network parameters and other gentx files to make a complete assessment.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check genesis file for total supply and other validator's delegation amounts

# Find and check genesis.json file
fd -t f "genesis.json" -x cat {} | jq -r '.app_state.bank.supply[] | select(.denom=="ueve") | .amount'

# Check other gentx files for delegation amounts
fd -t f "gentx-*.json" -x jq -r '.body.messages[0].value.amount' {}

Length of output: 226


Script:

#!/bin/bash
# Check all gentx files in the directory for their delegation amounts
find . -name "gentx-*.json" -exec cat {} \; | jq -r '.body.messages[0].value.amount'

# Check if there are any network parameter files that might define staking limits
fd -t f "config.toml|app.toml|params.toml" --exec cat {}

# Look for any documentation files that might contain network parameters
fd -t f "README.md|NETWORK.md|PARAMETERS.md" --exec cat {}

Length of output: 5179

Check failure

Code scanning / devskim

A token or key was found in source code. If this represents a secret, it should be moved somewhere else. Error test

Do not store tokens or keys in source code.
@@ -0,0 +1 @@
{"body":{"messages":[{"@type":"/cosmos.staking.v1beta1.MsgCreateValidator","description":{"moniker":"lol","identity":"","website":"","security_contact":"","details":""},"commission":{"rate":"0.420699000000000000","max_rate":"0.200000000000000000","max_change_rate":"0.010000000000000000"},"min_self_delegation":"1","delegator_address":"","validator_address":"evevaloper18p4wl3hss9e9wv264yklyjp700kn8uazdxjj9r","pubkey":{"@type":"/cosmos.crypto.ed25519.PubKey","key":"KvRZdsJqIckq7eqZDZwejabRtqGuaClVAa2zXsjB9Zk="},"value":{"denom":"ueve","amount":"10000000000000"}}],"memo":"[email protected]:26656","timeout_height":"0","extension_options":[],"non_critical_extension_options":[]},"auth_info":{"signer_infos":[{"public_key":{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"A/TFoIoCHY57GSzKLKRfq2XwbNujwGmvzXacyIAia4Ab"},"mode_info":{"single":{"mode":"SIGN_MODE_DIRECT"}},"sequence":"0"}],"fee":{"amount":[],"gas_limit":"200000","payer":"","granter":""},"tip":null},"signatures":["5JOyVCB6br30KDW+uIZaV2pgqFlR+fC5425F9NwUQPwEDpwEtUHYRRBIEOn+BXzDSLx767y2wnL3niLheiPekA=="]}
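Review bot: `commission.rate` is 0.420699000000000000 while `commission.max_rate` is 0.200000000000000000, so the rate exceeds its own cap and the `MsgCreateValidator` will be rejected. Both values sit inside the signed `body` (`SIGN_MODE_DIRECT`), so lowering the rate by editing this file in place would leave the entry in `signatures` no longer matching; the gentx needs to be regenerated and re-signed with a rate at or below `max_rate`.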
⚠️ Potential issue

Security concerns in validator configuration

Several security-related issues need to be addressed:

  1. Empty delegator_address field
  2. Missing security contact information
  3. Empty website and identity fields

Consider providing this information to enhance transparency and security of your validator.

🧰 Tools
🪛 Gitleaks (8.21.2)

1-1: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)


⚠️ Potential issue

Critical: Invalid commission rate configuration

The commission rate (0.420699) exceeds the maximum rate (0.200000), which will cause the transaction to fail. The commission rate must be less than or equal to the maximum rate.

-"rate":"0.420699000000000000","max_rate":"0.200000000000000000"
+"rate":"0.200000000000000000","max_rate":"0.200000000000000000"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
{"body":{"messages":[{"@type":"/cosmos.staking.v1beta1.MsgCreateValidator","description":{"moniker":"lol","identity":"","website":"","security_contact":"","details":""},"commission":{"rate":"0.420699000000000000","max_rate":"0.200000000000000000","max_change_rate":"0.010000000000000000"},"min_self_delegation":"1","delegator_address":"","validator_address":"evevaloper18p4wl3hss9e9wv264yklyjp700kn8uazdxjj9r","pubkey":{"@type":"/cosmos.crypto.ed25519.PubKey","key":"KvRZdsJqIckq7eqZDZwejabRtqGuaClVAa2zXsjB9Zk="},"value":{"denom":"ueve","amount":"10000000000000"}}],"memo":"[email protected]:26656","timeout_height":"0","extension_options":[],"non_critical_extension_options":[]},"auth_info":{"signer_infos":[{"public_key":{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"A/TFoIoCHY57GSzKLKRfq2XwbNujwGmvzXacyIAia4Ab"},"mode_info":{"single":{"mode":"SIGN_MODE_DIRECT"}},"sequence":"0"}],"fee":{"amount":[],"gas_limit":"200000","payer":"","granter":""},"tip":null},"signatures":["5JOyVCB6br30KDW+uIZaV2pgqFlR+fC5425F9NwUQPwEDpwEtUHYRRBIEOn+BXzDSLx767y2wnL3niLheiPekA=="]}
{"body":{"messages":[{"@type":"/cosmos.staking.v1beta1.MsgCreateValidator","description":{"moniker":"lol","identity":"","website":"","security_contact":"","details":""},"commission":{"rate":"0.200000000000000000","max_rate":"0.200000000000000000","max_change_rate":"0.010000000000000000"},"min_self_delegation":"1","delegator_address":"","validator_address":"evevaloper18p4wl3hss9e9wv264yklyjp700kn8uazdxjj9r","pubkey":{"@type":"/cosmos.crypto.ed25519.PubKey","key":"KvRZdsJqIckq7eqZDZwejabRtqGuaClVAa2zXsjB9Zk="},"value":{"denom":"ueve","amount":"10000000000000"}}],"memo":"[email protected]:26656","timeout_height":"0","extension_options":[],"non_critical_extension_options":[]},"auth_info":{"signer_infos":[{"public_key":{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"A/TFoIoCHY57GSzKLKRfq2XwbNujwGmvzXacyIAia4Ab"},"mode_info":{"single":{"mode":"SIGN_MODE_DIRECT"}},"sequence":"0"}],"fee":{"amount":[],"gas_limit":"200000","payer":"","granter":""},"tip":null},"signatures":["5JOyVCB6br30KDW+uIZaV2pgqFlR+fC5425F9NwUQPwEDpwEtUHYRRBIEOn+BXzDSLx767y2wnL3niLheiPekA=="]}
🧰 Tools
🪛 Gitleaks (8.21.2)

1-1: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

Check failure

Code scanning / devskim

A token or key was found in source code. If this represents a secret, it should be moved somewhere else. Error test

Do not store tokens or keys in source code.
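
The consistency checks raised in this review (unique account numbers, declared supply equal to the summed balances, commission rate within `max_rate`) can be run mechanically before merge. The following is an added example, not part of this PR or the project's tooling; the function name and the sample data are constructed for illustration, and the JSON paths assume the standard `app_state.auth` / `app_state.bank` genesis layout.

```python
import json
from collections import Counter
from decimal import Decimal

def check_genesis(genesis, gentxs):
    """Return findings as strings; an empty list means every check passed."""
    findings = []
    app = genesis["app_state"]
    # 1. account_number must be unique across auth accounts.
    nums = Counter(a["account_number"] for a in app["auth"]["accounts"])
    findings += [f"account_number {n} used by {c} accounts"
                 for n, c in sorted(nums.items()) if c > 1]
    # 2. Declared supply must equal the summed balances for each denom.
    totals = Counter()
    for bal in app["bank"]["balances"]:
        for coin in bal["coins"]:
            totals[coin["denom"]] += int(coin["amount"])
    for coin in app["bank"]["supply"]:
        if totals[coin["denom"]] != int(coin["amount"]):
            findings.append(f"supply of {coin['denom']} is {coin['amount']}, "
                            f"balances sum to {totals[coin['denom']]}")
    # 3. A gentx commission rate may not exceed its own max_rate.
    for tx in gentxs:
        for msg in tx["body"]["messages"]:
            com = msg.get("commission")
            if com and Decimal(com["rate"]) > Decimal(com["max_rate"]):
                findings.append(f"{msg['description']['moniker']}: rate "
                                f"{com['rate']} > max_rate {com['max_rate']}")
    return findings

# Constructed sample mirroring the shape of the files in this PR
# (addresses and monikers are placeholders, not the PR's values).
def acct(addr, num):
    return {"address": addr, "account_number": num, "sequence": "0"}

def bal(addr):
    return {"address": addr, "coins": [{"denom": "ueve", "amount": "100000000000000"}]}

def gentx(moniker, rate):
    return {"body": {"messages": [{"description": {"moniker": moniker},
            "commission": {"rate": rate, "max_rate": "0.200000000000000000"}}]}}

SAMPLE_GENESIS = {"app_state": {
    "auth": {"accounts": [acct("eve1aaa", "0"), acct("eve1bbb", "1"), acct("eve1ccc", "1")]},
    "bank": {"balances": [bal("eve1aaa"), bal("eve1bbb"), bal("eve1ccc")],
             "supply": [{"denom": "ueve", "amount": "300000000000000"}]}}}
SAMPLE_GENTXS = [gentx("val-a", "0.069420000000000000"), gentx("val-b", "0.420699000000000000")]

if __name__ == "__main__":
    print(json.dumps(check_genesis(SAMPLE_GENESIS, SAMPLE_GENTXS), indent=2))
```

Amounts are compared as integers and rates as `Decimal`, because genesis files store both as strings and float conversion would lose precision at 18 decimal places.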