Skip to content

fix(rpc): Missing boundary check in GetTransactionReceipt#861

Open
JayT106 wants to merge 4 commits intocrypto-org-chain:developfrom
JayT106:jt/fix-get-tx-receipt
Open

fix(rpc): Missing boundary check in GetTransactionReceipt#861
JayT106 wants to merge 4 commits intocrypto-org-chain:developfrom
JayT106:jt/fix-get-tx-receipt

Conversation

@JayT106
Copy link

@JayT106 JayT106 commented Mar 2, 2026

Closes: #XXX

Description

For contributor use:

  • Targeted PR against correct branch (see CONTRIBUTING.md)
  • Linked to Github issue with discussion and accepted design OR link to spec that describes this work.
  • Code follows the module structure standards.
  • Wrote unit and integration tests
  • Updated relevant documentation (docs/) or specification (x/<module>/spec/)
  • Added relevant godoc comments.
  • Added a relevant changelog entry to the Unreleased section in CHANGELOG.md
  • Re-reviewed Files changed in the Github PR explorer

For admin use:

  • Added appropriate labels to PR (ex. WIP, R4R, docs, etc)
  • Reviewers assigned
  • Squashed all commits, uses message "Merge pull request #XYZ: [title]" (coding standards)

@JayT106 JayT106 requested a review from a team as a code owner March 2, 2026 16:27
@JayT106 JayT106 requested review from randy-cro and thomas-nguy and removed request for a team March 2, 2026 16:27
@github-actions

This comment has been minimized.

Sign in to view
@JayT106 JayT106 changed the title fix(rpc): Missing boundary check fix(rpc): Missing boundary check in GetTransactionReceipt Mar 2, 2026
@codecov
Copy link

codecov bot commented Mar 2, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 21.87500% with 25 lines in your changes missing coverage. Please review.
✅ Project coverage is 40.66%. Comparing base (a55a578) to head (47170d8).

Files with missing lines Patch % Lines
rpc/backend/tx_info.go 21.87% 17 Missing and 8 partials ⚠️
Additional details and impacted files

Impacted file tree graph

@@             Coverage Diff             @@
##           develop     #861      +/-   ##
===========================================
- Coverage    40.69%   40.66%   -0.04%     
===========================================
  Files          190      190              
  Lines        15452    15471      +19     
===========================================
+ Hits          6288     6291       +3     
- Misses        8491     8499       +8     
- Partials       673      681       +8
Files with missing lines Coverage Δ
rpc/backend/tx_info.go 54.19% <21.87%> (-2.51%) ⬇️
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

songgaoye
songgaoye reviewed Mar 4, 2026
View reviewed changes
@songgaoye
Copy link

songgaoye commented Mar 4, 2026
edited
Loading

I think we should also check other code in tx_info.go like GetTransactionByHash and GetTransactionByBlockAndIndex, they use tx.GetMsgs()[res.MsgIndex] and block.Block.Txs[res.TxIndex] in similar ways.

thomas-nguy
thomas-nguy reviewed Mar 4, 2026
View reviewed changes
rpc/backend/tx_info.go
return nil, nil
}
}
if int(res.TxIndex) >= len(resBlock.Block.Txs) {
Copy link

@thomas-nguy thomas-nguy Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you know in which scenario this is possible?

Copy link
Author

@JayT106 JayT106 Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Theoretically it shouldn't happen. It just a defensive coding.

@JayT106
Copy link
Author

JayT106 commented Mar 4, 2026

I think we should also check other code in tx_info.go like GetTransactionByHash and GetTransactionByBlockAndIndex, they use tx.GetMsgs()[res.MsgIndex] and block.Block.Txs[res.TxIndex] in similar ways.

check added.

@songgaoye songgaoye self-requested a review March 5, 2026 02:18
songgaoye
songgaoye approved these changes Mar 5, 2026
View reviewed changes
Copy link

@songgaoye songgaoye left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thomas-nguy thomas-nguy thomas-nguy left review comments

@songgaoye songgaoye songgaoye approved these changes

@randy-cro randy-cro Awaiting requested review from randy-cro randy-cro is a code owner automatically assigned from crypto-org-chain/cronos-dev

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@JayT106 @songgaoye @thomas-nguy