Skip to content

Add MaxTipAmount for pallet-tips#1709

Merged
liamaharon merged 4 commits intoparitytech:masterfrom
aurexav:xavier/pallet-tips
Sep 28, 2023
Merged

Add MaxTipAmount for pallet-tips#1709
liamaharon merged 4 commits intoparitytech:masterfrom
aurexav:xavier/pallet-tips

Conversation

@aurexav
Copy link
Copy Markdown
Contributor

@aurexav aurexav commented Sep 26, 2023
edited
Loading

Last week we experienced a governance attack.
Surprisingly, there was no upper limit on the tip amount.

Due to the mechanism of pallet-fragment-election, the council members will be refreshed immediately. Attacker is easy to control the council and give a large tip amount.

@aurexav aurexav requested review from a team September 26, 2023 02:52
@paritytech-cicd-pr
Copy link
Copy Markdown

paritytech-cicd-pr commented Sep 26, 2023

The CI pipeline was cancelled due to failure one of the required jobs.
Job name: cargo-clippy
Logs: https://gitlab.parity.io/parity/mirrors/polkadot-sdk/-/jobs/3794037

@bkchr bkchr added the T1-FRAME This PR/Issue is related to core FRAME, the framework. label Sep 26, 2023
KiChjang
KiChjang reviewed Sep 26, 2023
View reviewed changes
Comment thread substrate/frame/tips/src/lib.rs Outdated
KiChjang
KiChjang reviewed Sep 26, 2023
View reviewed changes
Comment thread substrate/frame/tips/src/lib.rs
franciscoaguirre
franciscoaguirre approved these changes Sep 26, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@franciscoaguirre franciscoaguirre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree the ensure!s should go as early as possible to avoid extra work

@liamaharon liamaharon added the R1-breaking_change This PR introduces a breaking change and should be highlighted in the upcoming release. label Sep 28, 2023
@liamaharon liamaharon merged commit de71fec into paritytech:master Sep 28, 2023
@kiltbot kiltbot mentioned this pull request Nov 7, 2023
Closed
@Polkadot-Forum
Copy link
Copy Markdown

Polkadot-Forum commented Nov 15, 2023

This pull request has been mentioned on Polkadot Forum. There might be relevant details there:

https://forum.polkadot.network/t/polkadot-release-analysis-v1-3-0/4614/1

@ahmadkaouk ahmadkaouk mentioned this pull request Nov 16, 2023
Closed
bgallois pushed a commit to duniter/duniter-polkadot-sdk that referenced this pull request Mar 25, 2024
@aurexav
Add MaxTipAmount for pallet-tips (paritytech#1709)
917eafa 
Last week we experienced a governance attack.
Surprisingly, there was no upper limit on the tip amount.

Due to the mechanism of pallet-fragment-election, the council members
will be refreshed immediately. Attacker is easy to control the council
and give a large tip amount.
@aurexav aurexav deleted the xavier/pallet-tips branch October 28, 2024 05:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@franciscoaguirre franciscoaguirre franciscoaguirre approved these changes

@bkchr bkchr bkchr approved these changes

+2 more reviewers

@KiChjang KiChjang KiChjang left review comments

@liamaharon liamaharon liamaharon approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

R1-breaking_change This PR introduces a breaking change and should be highlighted in the upcoming release. T1-FRAME This PR/Issue is related to core FRAME, the framework.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@aurexav @paritytech-cicd-pr @Polkadot-Forum @KiChjang @franciscoaguirre @bkchr @liamaharon @patriciobcs