[IF-FINDING-001] Invariant checks through crisis module may go unnoticed #61
Merged
AdriaCarrera merged 6 commits into main on Mar 18, 2025
GuillemGarciaDev
approved these changes
Mar 18, 2025
[IF-FINDING-001] Invariant checks through crisis module may go unnoticed
Description
The x/crisis module is not advisable to use (see security advisory) because it does not actually halt the chain when an invariant check fails. While the module allows submitting a MsgVerifyInvariant transaction to confirm an invariant violation, this transaction does not cause nodes to panic. Instead, the SDK’s panic-recovery mechanism treats it as an invalid transaction and allows the chain to continue processing blocks.
Additionally, only nodes running with --inv-check-period X will panic upon detecting an invariant violation in EndBlock, but this is rarely used in production due to the high resource cost of running invariant checks every X blocks, and in the case of this project the check period is set to zero, meaning that it will not get triggered automatically. As a result, invariant violations may go unnoticed, making the module ineffective in practice.
Problem scenarios
Invariant violations may go unnoticed.
Recommendation
Consider alternative approaches for checking invariants, such as monitoring with alerts. Additionally, carefully evaluate the desired behavior for each invariant violation. Some violations may warrant stopping the chain, while others may only require raising an alert.
Applied changes
Removed all invariants; we will add a monitoring system that will trigger alerts in case some check is not done.
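
The two paths described in the finding, as a simplified Go model added here for illustration (not code from this PR or from the Cosmos SDK): a panic raised while handling a verify-invariant transaction is recovered and becomes a failed transaction, while the EndBlock check only stops the node when the check period is non-zero. `State`, `assertSupply`, `deliverVerifyTx`, `endBlock` and `halted` are hypothetical names, and the balances are constructed sample data.

```go
package main

import "fmt"

// State is constructed sample data, not real chain state.
type State struct {
	Balances map[string]int64
	Supply   int64
}

// assertSupply panics when balances do not sum to the supply (the invariant).
func assertSupply(s State) {
	var sum int64
	for _, b := range s.Balances {
		sum += b
	}
	if sum != s.Supply {
		panic(fmt.Sprintf("invariant broken: sum=%d supply=%d", sum, s.Supply))
	}
}

// deliverVerifyTx models the tx path: the panic is recovered, the tx fails, blocks continue.
func deliverVerifyTx(s State) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("tx failed: %v", r)
		}
	}()
	assertSupply(s)
	return nil
}

// endBlock models the periodic path: no recover, and it is skipped when period is 0.
func endBlock(height, period int64, s State) {
	if period > 0 && height%period == 0 {
		assertSupply(s)
	}
}

// halted reports whether f panicked, i.e. whether the node would stop.
func halted(f func()) (stop bool) {
	defer func() { stop = recover() != nil }()
	f()
	return false
}

func main() {
	s := State{map[string]int64{"alice": 70, "bob": 40}, 100} // balances sum to 110
	fmt.Println(deliverVerifyTx(s), halted(func() { endBlock(10, 0, s) }), halted(func() { endBlock(10, 5, s) }))
}
```

With the check period at zero, the only observable signal of the broken invariant is one failed transaction, which is the gap an external monitor with alerts has to cover.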