`ExtensionOptions` are not initialized before usage in the EIP712 handler

Question

`ExtensionOptions` are not initialized before usage in the EIP712 handler

omritoptix opened this issue 5 months ago · 2 comments

from the audit

Answer 1 · 2024-04-01T08:30:39.000Z

not sure about why we have this issue. we use same code as in original repo

		txWithExtensions, ok := tx.(authante.HasExtensionOptionsTx)
		if !ok {
			return errorsmod.Wrap(errortypes.ErrUnknownExtensionOptions, "tx doesnt contain any extensions")
		}
		opts := txWithExtensions.GetExtensionOptions()
		if len(opts) != 1 {
			return errorsmod.Wrap(errortypes.ErrUnknownExtensionOptions, "tx doesnt contain expected amount of extension options")
		}

		extOpt, ok := opts[0].GetCachedValue().(*types.ExtensionOptionsWeb3Tx)
		if !ok {
			return errorsmod.Wrap(errortypes.ErrUnknownExtensionOptions, "unknown extension option")
		}

Answer 2 · 2024-04-01T16:55:56.000Z

@omritoptix @mtsitrin From what I can tell, the difference between GetCachedValue and UnpackAny is that:

the first one just returns the cached value if there is any,
while the second one looks for a cached value and if it finds it, sets it to the interface, otherwise it tries to look up if the passed interface is registered in the registry (we do it in init()), it takes .Value, deserializes it and sets it to the interface and the cached value.

It seems to me, the second option might be a bit safer, but also much slower because it relies a lot on reflection