From 35f1919a1c7353ae55a6dc18f62f8b66c9badc69 Mon Sep 17 00:00:00 2001 From: Pantani Date: Tue, 31 Mar 2026 20:00:02 -0300 Subject: [PATCH 1/2] fix(x/coredaos): revalidate `UpdateParams` on execution --- x/coredaos/keeper/msg_server.go | 4 +++ x/coredaos/keeper/msg_server_test.go | 43 ++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/x/coredaos/keeper/msg_server.go b/x/coredaos/keeper/msg_server.go index 54215bb9..47b1cf88 100644 --- a/x/coredaos/keeper/msg_server.go +++ b/x/coredaos/keeper/msg_server.go @@ -31,6 +31,10 @@ func NewMsgServer(k *Keeper) types.MsgServer { func (ms MsgServer) UpdateParams(goCtx context.Context, msg *types.MsgUpdateParams) (*types.MsgUpdateParamsResponse, error) { ctx := sdk.UnwrapSDKContext(goCtx) + if err := msg.ValidateBasic(); err != nil { + return nil, err + } + if ms.k.GetAuthority() != msg.Authority { return nil, types.ErrInvalidSigner.Wrapf("invalid authority; expected %s, got %s", ms.k.GetAuthority(), msg.Authority) } diff --git a/x/coredaos/keeper/msg_server_test.go b/x/coredaos/keeper/msg_server_test.go index 86a10916..2783e33f 100644 --- a/x/coredaos/keeper/msg_server_test.go +++ b/x/coredaos/keeper/msg_server_test.go @@ -225,6 +225,49 @@ func TestMsgServerUpdateParams(t *testing.T) { } } +func TestMsgServerUpdateParamsRevalidatesOnExecution(t *testing.T) { + const authority = "cosmos10d07y265gmmuvt4z0w9aw880jnsr700j6zn9kn" + + timeDuration := time.Duration(1) + tests := []struct { + name string + params types.Params + expectedErr string + }{ + { + name: "steeringdao set to authority address", + params: types.Params{ + SteeringDaoAddress: authority, + VotingPeriodExtensionDuration: &timeDuration, + }, + expectedErr: "authority address cannot be the same as steering DAO address: invalid address", + }, + { + name: "oversightdao set to authority address", + params: types.Params{ + OversightDaoAddress: authority, + VotingPeriodExtensionDuration: &timeDuration, + }, + expectedErr: "authority address cannot be the same as oversight DAO address: invalid address", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + ms, k, _, ctx := testutil.SetupMsgServer(t) + params := types.DefaultParams() + k.Params.Set(ctx, params) + + _, err := ms.UpdateParams(ctx, &types.MsgUpdateParams{ + Authority: authority, + Params: tt.params, + }) + require.EqualError(t, err, tt.expectedErr) + require.Equal(t, params, k.GetParams(ctx)) + }) + } +} + func TestMsgServerAnnotateProposal(t *testing.T) { testAcc := simtestutil.CreateRandomAccounts(2) annotatorAcc := testAcc[0].String() From 30bbf0b4ec9ef86796604c9e191ebbd62fcf64a2 Mon Sep 17 00:00:00 2001 From: Danilo Pantani Date: Wed, 1 Apr 2026 12:06:56 -0300 Subject: [PATCH 2/2] Apply suggestion from @Pantani --- x/coredaos/keeper/msg_server.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/x/coredaos/keeper/msg_server.go b/x/coredaos/keeper/msg_server.go index 47b1cf88..54215bb9 100644 --- a/x/coredaos/keeper/msg_server.go +++ b/x/coredaos/keeper/msg_server.go @@ -31,10 +31,6 @@ func NewMsgServer(k *Keeper) types.MsgServer { func (ms MsgServer) UpdateParams(goCtx context.Context, msg *types.MsgUpdateParams) (*types.MsgUpdateParamsResponse, error) { ctx := sdk.UnwrapSDKContext(goCtx) - if err := msg.ValidateBasic(); err != nil { - return nil, err - } - if ms.k.GetAuthority() != msg.Authority { return nil, types.ErrInvalidSigner.Wrapf("invalid authority; expected %s, got %s", ms.k.GetAuthority(), msg.Authority) }