umee-network · gsk967 · Jun 17, 2024 · Apr 30, 2024 · Apr 30, 2024 · Jun 17, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -46,6 +46,12 @@ Ref: https://keepachangelog.com/en/1.0.0/
 
 ## Unreleased
 
+## v6.4.1 - 2024-04-30
+
+### Improvements
+
+- [daef10a](https://github.com/umee-network/umee/commit/daef10ad4f774aae915ad33f4ab1134695146785) Update dependencies.
+
 ## v6.4.0 - 2024-03-21
 
 ### Features
@@ -54,7 +60,7 @@ Ref: https://keepachangelog.com/en/1.0.0/
 
 ### Bug Fixes
 
-- [2462](https://github.com/umee-network/umee/pull/2462) (x/leverage) Take `MaxModuleWithdraw` into account when computing user `MaxWithdraw`. 
+- [2462](https://github.com/umee-network/umee/pull/2462) (x/leverage) Take `MaxModuleWithdraw` into account when computing user `MaxWithdraw`.
 
 ## v6.4.0-beta1 - 2024-03-11
 

diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
@@ -6,6 +6,10 @@
 
 The Release Procedure is defined in the [CONTRIBUTING](CONTRIBUTING.md#release-procedure) document.
 
+## v6.4.1
+
+This release updates our dependencies and applies latest patches to the v6.4.x line. All validators must update to this patch release.
+
 ## v6.4.0
 
 Highlights:

diff --git a/go.sum b/go.sum
@@ -12,6 +12,8 @@ import (
 	setup "github.com/umee-network/umee/v6/tests/e2e/setup"
 	"github.com/umee-network/umee/v6/tests/grpc"
 	"github.com/umee-network/umee/v6/util/coin"
+	ibcutil "github.com/umee-network/umee/v6/util/ibc"
+	"github.com/umee-network/umee/v6/util/sdkutil"
 	"github.com/umee-network/umee/v6/x/uibc"
 )
 
@@ -164,6 +166,14 @@ func (s *E2ETest) TestIBCTokenTransfer() {
 		// supply don't change
 		s.checkSupply(gaiaAPIEndpoint, umeeIBCHash, math.ZeroInt())
 
+		// << Recevier Addr = maximum length + 1
+		// send $110 UMEE from umee to gaia (token_quota is 100$)
+		recvAddr := sdkutil.GenerateString(ibcutil.MaximumMemoLength + 1)
+		s.SendIBC(s.Chain.ID, setup.GaiaChainID, recvAddr, exceedUmee, true, "", "")
+		// check the ibc (umee) quota after ibc txs - this one should have failed
+		// supply don't change
+		s.checkSupply(gaiaAPIEndpoint, umeeIBCHash, math.ZeroInt())
+
 		// send $110 ATOM from umee to gaia
 		exceedAtom := mulCoin(atomQuota, "1.1")
 		// supply will be not be decreased because sending amount is more than token quota so it will fail

diff --git a/tools/tools.go b/tools/tools.go
@@ -8,7 +8,6 @@
 package tools
 
 import (
-	_ "github.com/golangci/golangci-lint/cmd/golangci-lint"
 	_ "github.com/mgechev/revive"
 	_ "mvdan.cc/gofumpt"
 

@@ -2,13 +2,35 @@
 
 import (
 	"encoding/json"
+	"fmt"
 	"strings"
 
 	sdkmath "cosmossdk.io/math"
 	sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
 	transfertypes "github.com/cosmos/ibc-go/v7/modules/apps/transfer/types"
+	ibcerrors "github.com/cosmos/ibc-go/v7/modules/core/errors"
 )
 
+const (
+	MaximumReceiverLength = 2048  // maximum length of the receiver address in bytes (value chosen arbitrarily)
+	MaximumMemoLength     = 32768 // maximum length of the memo in bytes (value chosen arbitrarily)
+)
+
+func ValidateRecvAddr(receiver string) error {
+	if len(receiver) > MaximumReceiverLength {
+		return sdkerrors.Wrapf(ibcerrors.ErrInvalidAddress,
+			"recipient address must not exceed %d bytes", MaximumReceiverLength)
+	}
+	return nil
+}
+
+func ValidateMemo(memo string) error {
+	if len(memo) > MaximumMemoLength {
+		return fmt.Errorf("memo must not exceed %d bytes", MaximumMemoLength)
+	}
+	return nil
+}
+
 // GetFundsFromPacket returns transfer amount and denom
 func GetFundsFromPacket(data []byte) (sdkmath.Int, string, error) {
 	var packetData transfertypes.FungibleTokenPacketData
@@ -17,6 +39,14 @@
 		return sdkmath.Int{}, "", err
 	}
 
+	if err := ValidateRecvAddr(packetData.Receiver); err != nil {
+		return sdkmath.Int{}, "", err
+	}
+
+	if err := ValidateMemo(packetData.Memo); err != nil {
+		return sdkmath.Int{}, "", err
+	}
+
 	amount, ok := sdkmath.NewIntFromString(packetData.Amount)
 	if !ok {
 		return sdkmath.Int{}, "", sdkerrors.ErrInvalidRequest.Wrapf("invalid transfer amount %s", packetData.Amount)

@@ -7,6 +7,7 @@ import (
 
 	"github.com/cometbft/cometbft/crypto"
 	ibctransfertypes "github.com/cosmos/ibc-go/v7/modules/apps/transfer/types"
+	"github.com/umee-network/umee/v6/util/sdkutil"
 	"gotest.tools/v3/assert"
 
 	sdk "github.com/cosmos/cosmos-sdk/types"
@@ -32,6 +33,17 @@ func TestGetFundsFromPacket(t *testing.T) {
 	assert.NilError(t, err)
 	assert.Equal(t, denom, fdenom)
 	assert.Equal(t, famount.String(), amount)
+
+	// invalid address
+	data.Receiver = sdkutil.GenerateString(MaximumReceiverLength + 1)
+	_, _, err = GetFundsFromPacket(data.GetBytes())
+	assert.ErrorContains(t, err, "recipient address must not exceed")
+
+	// invalid memo
+	data.Receiver = AddressFromString("a4")
+	data.Memo = sdkutil.GenerateString(MaximumMemoLength + 1)
+	_, _, err = GetFundsFromPacket(data.GetBytes())
+	assert.ErrorContains(t, err, "memo must not exceed")
 }
 
 func TestGetLocalDenom(t *testing.T) {

@@ -2,6 +2,7 @@
 
 import (
 	"fmt"
+	"math/rand"
 	"strings"
 
 	sdk "github.com/cosmos/cosmos-sdk/types"
@@ -30,3 +31,13 @@
 func FormatDecCoin(c sdk.DecCoin) string {
 	return fmt.Sprintf("%s %s", FormatDec(c.Amount), c.Denom)
 }
+
+func GenerateString(length uint) string {
+	// character set used for generating a random string in GenerateString
+	charset := "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
+	bytes := make([]byte, length)
+	for i := range bytes {
+		bytes[i] = charset[rand.Intn(len(charset))]
+	}
+	return string(bytes)
+}