wrangle gosec more

babylonlabs-io · Nov 4, 2024 · dd140ca · dd140ca
1 parent 7103090
commit dd140ca
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 1 deletion.
diff --git a/btcclient/query.go b/btcclient/query.go
@@ -153,6 +153,10 @@ func (c *Client) getBlockVerboseWithRetry(hash *chainhash.Hash) (*btcjson.GetBlo
 // getChainBlocks returns a chain of indexed blocks from the block at baseHeight to the tipBlock
 // note: the caller needs to ensure that tipBlock is on the blockchain
 func (c *Client) getChainBlocks(baseHeight uint32, tipBlock *types.IndexedBlock) ([]*types.IndexedBlock, error) {
+	if tipBlock.Height < 0 {
+		panic(fmt.Errorf("received negative block height: %d", tipBlock.Height))
+	}
+
 	tipHeight := uint32(tipBlock.Height)
 	if tipHeight < baseHeight {
 		return nil, fmt.Errorf("the tip block height %v is less than the base height %v", tipHeight, baseHeight)
@@ -201,7 +205,7 @@ func (c *Client) FindTailBlocksByHeight(baseHeight uint32) ([]*types.IndexedBloc
 		return nil, err
 	}
 
-	if baseHeight > uint32(tipIb.Height) {
+	if int32(baseHeight) > tipIb.Height {
 		return nil, fmt.Errorf("invalid base height %d, should not be higher than tip block %d", baseHeight, tipIb.Height)
 	}
 

diff --git a/btcstaking-tracker/atomicslasher/routines.go b/btcstaking-tracker/atomicslasher/routines.go
@@ -1,6 +1,7 @@
 package atomicslasher
 
 import (
+	"fmt"
 	"time"
 
 	bstypes "github.com/babylonlabs-io/babylon/x/btcstaking/types"
@@ -58,6 +59,9 @@ func (as *AtomicSlasher) slashingTxTracker() {
 				return
 			}
 			// record BTC tip
+			if blockEpoch.Height < 0 {
+				panic(fmt.Errorf("received negative block height: %d", blockEpoch.Height))
+			}
 			as.btcTipHeight.Store(uint32(blockEpoch.Height))
 			as.logger.Debug("Received new best btc block", zap.Int32("height", blockEpoch.Height))
 			// get full BTC block

diff --git a/btcstaking-tracker/btcslasher/slasher_utils.go b/btcstaking-tracker/btcslasher/slasher_utils.go
@@ -214,6 +214,10 @@ func BuildUnbondingSlashingTxWithWitness(
 		return nil, fmt.Errorf("failed to convert covenant pks to BTC pks: %v", err)
 	}
 
+	if d.UnbondingTime > uint32(^uint16(0)) {
+		panic(fmt.Errorf("unbondingTime (%d) exceeds maximum for uint16", d.UnbondingTime))
+	}
+
 	// get unbonding info
 	unbondingInfo, err := btcstaking.BuildUnbondingInfo(
 		d.BtcPk.MustToBTCPK(),
@@ -322,6 +326,7 @@ func BuildSlashingTxWithWitness(
 	}
 
 	// get staking info
+	// #nosec G115 -- performed the conversion check above
 	stakingInfo, err := btcstaking.BuildStakingInfo(
 		d.BtcPk.MustToBTCPK(),
 		fpBtcPkList,

diff --git a/btcstaking-tracker/stakingeventwatcher/stakingeventwatcher.go b/btcstaking-tracker/stakingeventwatcher/stakingeventwatcher.go
@@ -119,6 +119,9 @@ func (sew *StakingEventWatcher) Start() error {
 		// we registered for notifications with `nil` so we should receive best block immediately
 		select {
 		case block := <-blockEventNotifier.Epochs:
+			if block.Height < 0 {
+				panic(fmt.Errorf("received negative block height: %d", block.Height))
+			}
 			sew.currentBestBlockHeight.Store(uint32(block.Height))
 		case <-sew.quit:
 			startErr = errors.New("watcher quit before finishing start")
@@ -158,6 +161,9 @@ func (sew *StakingEventWatcher) handleNewBlocks(blockNotifier *notifier.BlockEpo
 			if !ok {
 				return
 			}
+			if block.Height < 0 {
+				panic(fmt.Errorf("received negative block height: %d", block.Height))
+			}
 			sew.currentBestBlockHeight.Store(uint32(block.Height))
 			sew.logger.Debugf("Received new best btc block: %d", block.Height)
 		case <-sew.quit: