Merge pull request #189 from 0xcellmint/master

montyly · web-flow · commit c45d73b2b626 · 2023-01-11T18:13:23.000+01:00
Update Not So Cosmos for Miss Error Handler
diff --git a/not-so-smart-contracts/cosmos/README.md b/not-so-smart-contracts/cosmos/README.md
@@ -24,7 +24,7 @@ Each _Not So Smart Cosmos_ includes a standard set of information:
 | [Broken bookkeeping](broken_bookkeeping) | Exploit mismatch between different modules' views on balances |
 | [Rounding errors](rounding_errors) | Bugs related to imprecision of finite precision arithmetic |
 | [Unregistered message handler](unregistered_msg_handler) | Broken functionality because of unregistered msg handler |
-
+| [Missing error handler](missing_error_handler) | Missing error handling leads to successful execution of a transaction that should have failed |
 ## Credits
 
 These examples are developed and maintained by [Trail of Bits](https://www.trailofbits.com/).
diff --git a/not-so-smart-contracts/cosmos/missing_error_handler/README.md b/not-so-smart-contracts/cosmos/missing_error_handler/README.md
@@ -0,0 +1,24 @@
+# Missing error handler
+
+The idiomatic way of handling errors in `Go` is to compare the returned error to nil. This way of checking for errors gives the programmer a lot of control. However, when error handling is ignored it can also lead to numerous problems. The impact of this is most obvious in method calls in the `bankKeeper` module, which even causes some accounts with insufficient balances to perform `SendCoin` operations normally without triggering a transaction failure.
+
+
+## Example 
+In the following code, `k.bankKeeper.SendCoins(ctx, sender, receiver, amount)` does not have any return values being used, including `err`. This results in `SendCoin` not being able to prevent the transaction from executing even if there is an `error` due to insufficient balance in `SendCoin`.
+```golang
+func (k msgServer) Transfer(goCtx context.Context, msg *types.MsgTransfer) (*types.MsgTransferResponse, error) {
+	...
+	k.bankKeeper.SendCoins(ctx, sender, receiver, amount)
+	...
+	return &types.MsgTransferResponse{}, nil
+}
+```
+## Mitigations
+
+- Implement the error handling process instead of missing it
+
+## External examples
+- [ignite's tutorials](https://github.com/ignite/cli/issues/2828). 
+- [Fadeev's Loan Project](https://github.com/fadeev/loan/blob/master/x/loan/keeper/msg_server_approve_loan.go)
+- [JackalLabs](https://github.com/JackalLabs/canine-chain/issues/8).
+- [OllO](https://github.com/OllO-Station/ollo/issues/20)
