fix: x/auth/types: ensure nil .BaseAccounts are reported in ModuleAcc…

…ount.Validate This change ensures that ModuleAccount.Validate flags nil .BaseAccount to avoid a nil pointer dereference. This bug was found by fuzzing cosmos/gaia. Fixes #16552
cosmos · Jun 14, 2023 · 99dd572 · 99dd572
1 parent 3a35353
commit 99dd572
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -40,6 +40,7 @@ Ref: https://keepachangelog.com/en/1.0.0/
 
 ### Improvements
 
+* (x/auth/types) [#16554](https://github.com/cosmos/cosmos-sdk/pull/16554) `ModuleAccount.Validate` now reports a nil `.BaseAccount` instead of panicking.
 * (all) [#16497](https://github.com/cosmos/cosmos-sdk/pull/16497) Removed all exported vestiges of `sdk.MustSortJSON` and `sdk.SortJSON`.
 
 ### API Breaking Changes

diff --git a/x/auth/types/account.go b/x/auth/types/account.go
@@ -222,6 +222,10 @@ func (ma ModuleAccount) Validate() error {
 		return fmt.Errorf("address %s cannot be derived from the module name '%s'", ma.Address, ma.Name)
 	}
 
+	if ma.BaseAccount == nil {
+		return errors.New("uninitialized ModuleAccount: BaseAccount is nil")
+	}
+
 	return ma.BaseAccount.Validate()
 }
 

diff --git a/x/auth/types/account_test.go b/x/auth/types/account_test.go
@@ -193,3 +193,8 @@ func TestNewModuleAddressOrBech32Address(t *testing.T) {
 	require.Equal(t, input, types.NewModuleAddressOrBech32Address(input).String())
 	require.Equal(t, "cosmos1jv65s3grqf6v6jl3dp4t6c9t9rk99cd88lyufl", types.NewModuleAddressOrBech32Address("distribution").String())
 }
+
+func TestModuleAccountValidateNilBaseAccount(t *testing.T) {
+	ma := &types.ModuleAccount{Name: "foo"}
+	_ = ma.Validate()
+}