Fix topic low-weight inactive topic weight vulnerability by xmariachi · Pull Request #736 · allora-network/allora-chain

xmariachi · 2025-01-20T15:58:47Z

Purpose of Changes and their Description

Fix vulnerability: if topic has not been (re)activated, then the topic weights should not change.
Change isAdded, error for just error on addTopicToActiveSetRespectingLimitsWithoutMinWeightReset, adding some error types. The flag was not really adding value, while not processing the flag would lead to a vulnerability like the one found.

If tested, please describe how. If not, why tests are not needed. -- existing unit tests
If documented, please describe where. If not, describe why docs are not needed. -- no need, changes in functions not user-facing.
Added to Unreleased section of CHANGELOG.md?

Remove isAdded flag, handle error types

8a6948d

xmariachi changed the title ~~Remove isAdded flag, handle error types~~ Fix topic low-weight inactive topic weight vulnerability Jan 20, 2025

add to CHANGELOG

d9f71ed

xmariachi requested review from amimart, guilherme-brandao, kpeluso and spooktheducks January 20, 2025 16:14

xmariachi marked this pull request as ready for review January 20, 2025 17:53

xmariachi closed this Jan 23, 2025

xmariachi deleted the diego/proto-3256-totalsumprevioustopicweights-can-be-set-to-any-value branch January 23, 2025 13:12

xmariachi restored the diego/proto-3256-totalsumprevioustopicweights-can-be-set-to-any-value branch March 4, 2025 19:54