Skip to content

x/auth: auth fee nil guard#91

Open
marcello33 wants to merge 2 commits into
develfrom
mardizzone/nil-fee-guard
Open

x/auth: auth fee nil guard#91
marcello33 wants to merge 2 commits into
develfrom
mardizzone/nil-fee-guard

Conversation

@marcello33

Copy link
Copy Markdown
Collaborator

Summary

The wrapper accessors GetGas, GetFee, and FeePayer dereference w.tx.AuthInfo.Fee without a nil check. A protobuf-decoded tx can legitimately have AuthInfo.Fee == nil — the fee field (AuthInfo field 2) is optional and DefaultTxDecoder does not require it. When such a tx reaches the ante chain, the first decorator (SetUpContextDecorator) calls GetGas(), which then hits a nil pointer dereference.

runTx's recovery middleware catches it, so it is not fatal — but every fee-less tx becomes a recovered panic (with a full stack capture) instead of a clean rejection. On a node that receives such txs over the mempool this is noisy and wasteful.

This guards the three accessors against a nil Fee, mirroring the guard the wrapper's setters (SetGasLimit, SetFeeAmount, SetFeePayer, SetFeeGranter) already apply. A fee-less tx now reports gas 0 / no fee and is rejected through the normal ante path (out-of-gas / fee checks) rather than panicking. A well-formed tx (Fee present) is completely unaffected.

Executed tests

  • x/auth/tx/nilfee_repro_test.go: decodes a tx whose AuthInfo omits the fee field and asserts GetGas/GetFee no longer panic and return zero values; plus round-trips confirming an empty &Fee{} and a populated Fee are unchanged.
  • go test ./x/auth/tx/... ./x/auth/ante/... — pass.
  • diffguard on x/auth/tx/builder.go: 100% mutation kill on the changed accessors, all gates green.

Rollout notes

  • Behavioral only — no proto, state, or API change. Backward-compatible.
  • Not consensus-affecting; no hardfork required.
  • Consumed by heimdall-v2 via a go.mod replace bump once this merges and the fork is tagged.

@marcello33 marcello33 requested a review from Copilot July 3, 2026 13:25
@marcello33

Copy link
Copy Markdown
Collaborator Author

@claude review once

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR prevents recovered panics caused by protobuf-decoded transactions where AuthInfo.Fee is legitimately omitted (nil) by guarding fee-related accessors in the x/auth/tx wrapper, and adds a regression test reproducing the nil-fee decode scenario.

Changes:

  • Add nil checks to GetGas and GetFee so fee-less decoded txs return zero values instead of panicking.
  • Update FeePayer accessor logic to avoid a direct nil dereference.
  • Add a new regression test that decodes a tx whose AuthInfo omits the fee field and asserts accessor behavior.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File Description
x/auth/tx/builder.go Adds nil guards for fee-related wrapper accessors to prevent nil dereference panics on decoded txs missing AuthInfo.Fee.
x/auth/tx/nilfee_repro_test.go New regression tests covering decoding of fee-less AuthInfo and validating accessor behavior.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread x/auth/tx/builder.go
Comment thread x/auth/tx/nilfee_repro_test.go
Comment thread x/auth/tx/nilfee_repro_test.go
Comment thread x/auth/tx/nilfee_repro_test.go
manav2401
manav2401 previously approved these changes Jul 3, 2026

@manav2401 manav2401 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - good to include the copilot suggestions.

@sonarqubecloud

sonarqubecloud Bot commented Jul 3, 2026

Copy link
Copy Markdown

@sonarqubecloud

sonarqubecloud Bot commented Jul 3, 2026

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants