wrangle gosec some more

babylonlabs-io · Nov 4, 2024 · c68f0a9 · c68f0a9
1 parent 00be4cc
commit c68f0a9
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 2 deletions.
diff --git a/btcclient/query.go b/btcclient/query.go
@@ -19,6 +19,10 @@ func (c *Client) GetBestBlock() (uint32, error) {
 		return 0, err
 	}
 
+	if height < 0 || height > int64(^uint32(0)) {
+		panic(fmt.Errorf("height (%d) is out of uint32 range", height)) //software bug, panic
+	}
+
 	return uint32(height), nil
 }
 
@@ -34,7 +38,11 @@ func (c *Client) GetBlockByHash(blockHash *chainhash.Hash) (*types.IndexedBlock,
 	}
 
 	btcTxs := types.GetWrappedTxs(mBlock)
-	return types.NewIndexedBlock(uint32(blockInfo.Height), &mBlock.Header, btcTxs), mBlock, nil
+	height := blockInfo.Height
+	if height < 0 || height > int64(^uint32(0)) {
+		panic(fmt.Errorf("height (%d) is out of uint32 range", height)) //software bug, panic
+	}
+	return types.NewIndexedBlock(uint32(height), &mBlock.Header, btcTxs), mBlock, nil
 }
 
 // GetBlockByHeight returns a block with the given height

diff --git a/monitor/btcscanner/block_handler.go b/monitor/btcscanner/block_handler.go
@@ -18,6 +18,9 @@ func (bs *BtcScanner) bootstrapAndBlockEventHandler() {
 	var blockEpoch *chainntnfs.BlockEpoch
 	bestKnownBlock := bs.unconfirmedBlockCache.Tip()
 	if bestKnownBlock != nil {
+		if bestKnownBlock.Height > math.MaxInt32 {
+			panic(fmt.Errorf("block height exceeds int32 range: %d", bestKnownBlock.Height))
+		}
 		hash := bestKnownBlock.BlockHash()
 		blockEpoch = &chainntnfs.BlockEpoch{
 			Hash:        &hash,

diff --git a/submitter/relayer/relayer.go b/submitter/relayer/relayer.go
@@ -612,7 +612,13 @@ func (rl *Relayer) buildTxWithData(data []byte, firstTx *wire.MsgTx) (*types.Btc
 
 // getFeeRate returns the estimated fee rate, ensuring it within [tx-fee-max, tx-fee-min]
 func (rl *Relayer) getFeeRate() chainfee.SatPerKVByte {
-	fee, err := rl.EstimateFeePerKW(uint32(rl.GetBTCConfig().TargetBlockNum))
+	targetBlockNum := rl.GetBTCConfig().TargetBlockNum
+
+	// check we are within the uint32 range
+	if targetBlockNum < 0 || targetBlockNum > int64(^uint32(0)) {
+		panic(fmt.Errorf("targetBlockNum (%d) is out of uint32 range", targetBlockNum)) //software bug, panic
+	}
+	fee, err := rl.EstimateFeePerKW(uint32(targetBlockNum))
 	if err != nil {
 		defaultFee := rl.GetBTCConfig().DefaultFee
 		rl.logger.Errorf("failed to estimate transaction fee. Using default fee %v: %s", defaultFee, err.Error())