From ac7f84c4fafbd1b8fa3675f90556b1a175aef9e6 Mon Sep 17 00:00:00 2001 From: Giuseppe Natale <12249307+giunatale@users.noreply.github.com> Date: Mon, 30 Mar 2026 15:40:25 +0200 Subject: [PATCH 1/2] prevent DAO addresses to be equal to authority --- x/coredaos/keeper/msg_server_test.go | 24 ++++++++++++++++++++++++ x/coredaos/types/msgs.go | 24 ++++++++++++++++++++++-- 2 files changed, 46 insertions(+), 2 deletions(-) diff --git a/x/coredaos/keeper/msg_server_test.go b/x/coredaos/keeper/msg_server_test.go index 86a109167..f235d3f32 100644 --- a/x/coredaos/keeper/msg_server_test.go +++ b/x/coredaos/keeper/msg_server_test.go @@ -198,6 +198,30 @@ func TestMsgServerUpdateParams(t *testing.T) { m.StakingKeeper.EXPECT().GetDelegatorUnbonding(ctx, sdk.MustAccAddressFromBech32(unbondedAcc)).Return(math.NewInt(0), nil).Times(2) }, }, + { + name: "steeringdao set to authority address", + msg: &types.MsgUpdateParams{ + Authority: "cosmos10d07y265gmmuvt4z0w9aw880jnsr700j6zn9kn", + Params: types.Params{ + SteeringDaoAddress: "cosmos10d07y265gmmuvt4z0w9aw880jnsr700j6zn9kn", + VotingPeriodExtensionDuration: &timeDuration, + }, + }, + expectedErr: "authority address cannot be the same as steering DAO address: invalid address", + setupMocks: func(ctx sdk.Context, m *testutil.Mocks) {}, + }, + { + name: "oversightdao set to authority address", + msg: &types.MsgUpdateParams{ + Authority: "cosmos10d07y265gmmuvt4z0w9aw880jnsr700j6zn9kn", + Params: types.Params{ + OversightDaoAddress: "cosmos10d07y265gmmuvt4z0w9aw880jnsr700j6zn9kn", + VotingPeriodExtensionDuration: &timeDuration, + }, + }, + expectedErr: "authority address cannot be the same as oversight DAO address: invalid address", + setupMocks: func(ctx sdk.Context, m *testutil.Mocks) {}, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { diff --git a/x/coredaos/types/msgs.go b/x/coredaos/types/msgs.go index c0f226e78..3caf96078 100644 --- a/x/coredaos/types/msgs.go +++ b/x/coredaos/types/msgs.go @@ -138,9 +138,29 @@ func (msg *MsgUpdateParams) Type() string { // ValidateBasic implements the sdk.Msg interface. func (msg *MsgUpdateParams) ValidateBasic() error { - if _, err := sdk.AccAddressFromBech32(msg.Authority); err != nil { + authority, err := sdk.AccAddressFromBech32(msg.Authority) + if err != nil { return sdkerrors.ErrInvalidAddress.Wrapf("invalid authority address: %s", err) } - return msg.Params.ValidateBasic() + if err := msg.Params.ValidateBasic(); err != nil { + return err + } + + // none of the dao addresses can be same as the authority + // assumes address validation has already been done in Params.ValidateBasic + if msg.Params.OversightDaoAddress != "" { + oversightDaoAddr := sdk.MustAccAddressFromBech32(msg.Params.OversightDaoAddress) + if authority.Equals(oversightDaoAddr) { + return sdkerrors.ErrInvalidAddress.Wrapf("authority address cannot be the same as oversight DAO address") + } + } + if msg.Params.SteeringDaoAddress != "" { + steeringDaoAddr := sdk.MustAccAddressFromBech32(msg.Params.SteeringDaoAddress) + if authority.Equals(steeringDaoAddr) { + return sdkerrors.ErrInvalidAddress.Wrapf("authority address cannot be the same as steering DAO address") + } + } + + return nil } From 43b58a998d706e373137c70fab91c61992e48227 Mon Sep 17 00:00:00 2001 From: Giuseppe Natale <12249307+giunatale@users.noreply.github.com> Date: Mon, 30 Mar 2026 15:44:55 +0200 Subject: [PATCH 2/2] add CL entry --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a75f6041c..d087118f9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ - Fix missing ICA controller configuration [#257](https://github.com/atomone-hub/atomone/pull/257) - Fix wrapper converters for `x/gov` [#276](https://github.com/atomone-hub/atomone/pull/276) - Add min-stake filtering for cosmos-sdk votes in the gov ante handler [#279](https://github.com/atomone-hub/atomone/pull/279) +- Prevent the designated authority to be set as the Oversight or Steering DAO address [#314](https://github.com/atomone-hub/atomone/pull/314) ### DEPENDENCIES