Oracle spamming test #170

Merged: Thaleszh merged 4 commits into main from test/oracle-spamming on Dec 10, 2025

@jhelison

Contributor

Description

This adds the tests related to Oracle spamming and its fixes.

Type of change

Please delete options that are not relevant.

  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Documentation (updates documentation on the project)
  • chore (Updates on dependencies, gitignore, etc)
  • test (For updates on tests)

How Has This Been Tested?

This is a test

Copilot AI review requested due to automatic review settings November 12, 2025 22:20
@coderabbitai

coderabbitai Bot commented Nov 12, 2025

Contributor

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

This pull request moves the oracle.NewSpammingPreventionDecorator call earlier in the ante decorator chain (now placed after VoteAloneDecorator) and removes the duplicate invocation that previously followed IncrementSequenceDecorator, resulting in a single spamming-prevention decorator earlier in the chain. It also adds a new test, TestVulnerabilityFeelessDoubleVoting, in ante/feeless_test.go that constructs multiple oracle vote messages to exercise non-atomic double-voting checks and mempool/spam-priority behavior; the test imports x/oracle and includes scaffolding and logging for those scenarios.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

  • Files to focus on:
    • ante/ante_cosmos.go: confirm decorator ordering is correct and that removing the duplicate does not alter required side-effect ordering with neighboring decorators.
    • ante/feeless_test.go: validate test setup, message construction, assertions, and that the scenarios reliably exercise non-atomic double-voting and spam-priority behavior rather than depending on fragile timing or environment-specific assumptions.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title 'Oracle spamming test' directly describes the main change in the changeset, which adds tests related to oracle spamming. |
| Description check | ✅ Passed | The description clearly relates to the changeset by explaining that it adds tests related to Oracle spamming and its fixes, which matches the actual changes. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4fcdfca and 6d1c602.

📒 Files selected for processing (2)
  • ante/ante_cosmos.go (1 hunks)
  • ante/feeless_test.go (2 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • ante/ante_cosmos.go
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: tests
  • GitHub Check: golangci-lint
  • GitHub Check: Analyze
  • GitHub Check: test-e2e
🔇 Additional comments (1)
ante/feeless_test.go (1)

22-22: LGTM!

The oracle import is necessary for the anti-spam decorator used in the new test.



@codecov

codecov Bot commented Nov 12, 2025


Codecov Report

❌ Patch coverage is 0% with 1 line in your changes missing coverage. Please review.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| ante/ante_cosmos.go | 0.00% | 1 Missing ⚠️ |


@coderabbitai coderabbitai Bot left a comment

Contributor


Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b3d7fdf and 4fcdfca.

📒 Files selected for processing (2)
  • ante/ante_cosmos.go (1 hunks)
  • ante/feeless_test.go (2 hunks)
🧰 Additional context used
🧬 Code graph analysis (2)
ante/ante_cosmos.go (1)
x/oracle/ante.go (1)
  • NewSpammingPreventionDecorator (23-27)
ante/feeless_test.go (4)
app/helpers/test_helpers.go (2)
  • Setup (72-95)
  • BuildTxFromMsgs (247-267)
app/apptesting/test_suite.go (1)
  • RandomAccountAddress (292-295)
ante/feeless.go (1)
  • NewFeelessDecorator (27-32)
x/oracle/ante.go (1)
  • NewSpammingPreventionDecorator (23-27)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)
  • GitHub Check: CodeQL analysis (go)
  • GitHub Check: Agent
  • GitHub Check: liveness-test
  • GitHub Check: tests
  • GitHub Check: golangci-lint
  • GitHub Check: Analyze
  • GitHub Check: test-e2e

Comment thread ante/feeless_test.go

Copilot AI left a comment

Contributor


Pull Request Overview

This PR adds comprehensive tests to validate the Oracle spamming vulnerability (AH-FL-002) and verifies that the implemented fix prevents double voting and mempool monopolization attacks. The fix moves the SpammingPreventionDecorator to execute earlier in the ante handler chain.

Key Changes:

  • Added test TestVulnerabilityFeelessDoubleVoting with two sub-tests demonstrating anti-spam protection
  • Repositioned NewSpammingPreventionDecorator in the ante handler chain to execute before signature verification and fee deduction

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

| File | Description |
|---|---|
| ante/feeless_test.go | Adds comprehensive tests validating that the anti-spam decorator prevents double voting and oracle vote spamming attacks |
| ante/ante_cosmos.go | Moves SpammingPreventionDecorator to line 34 (earlier in chain) from line 50, ensuring spam checks occur before expensive operations |


Comment thread ante/feeless_test.go
Comment thread ante/feeless_test.go
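
Added example (not code from this repository or from any reviewer above): a minimal Go model of why the position of a spam check in a decorator chain matters, as the reviews above describe. The `Tx`, `Step`, `costly` and `CostlyCalls` names and the one-vote-per-validator-per-height rule are assumptions made for illustration; the real decorator's logic is not shown on this page.

```go
package main

import (
	"errors"
	"fmt"
)

// Tx is a constructed stand-in for a feeless oracle vote transaction.
type Tx struct{ Validator string; Height int64 }

// Step is one decorator in this simplified chain (hypothetical type).
type Step func(Tx) error

// spamPrevention rejects a repeat vote by one validator at one height (assumed rule).
func spamPrevention(seen map[string]int64) Step {
	return func(tx Tx) error {
		if h, ok := seen[tx.Validator]; ok && h == tx.Height {
			return errors.New("validator already voted at this height")
		}
		seen[tx.Validator] = tx.Height
		return nil
	}
}

// costly stands in for signature verification and similar work; it counts calls.
func costly(calls *int) Step { return func(Tx) error { *calls++; return nil } }

// CostlyCalls submits n identical votes and returns how many reached the
// costly step and how many passed the whole chain.
func CostlyCalls(spamFirst bool, n int) (calls, accepted int) {
	chain := []Step{costly(&calls), spamPrevention(map[string]int64{})} // late check
	if spamFirst {
		chain = []Step{chain[1], chain[0]} // early check
	}
	for i := 0; i < n; i++ {
		var err error
		for _, step := range chain {
			if err = step(Tx{Validator: "val1", Height: 10}); err != nil {
				break
			}
		}
		if err == nil {
			accepted++
		}
	}
	return calls, accepted
}

func main() {
	fmt.Println(CostlyCalls(false, 5)) // check after the costly step
	fmt.Println(CostlyCalls(true, 5))  // check before the costly step
}
```

Both orderings accept the same single vote; only the early placement keeps the rejected duplicates from reaching the costly step.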
@Thaleszh Thaleszh merged commit b646c18 into main Dec 10, 2025
8 of 11 checks passed
@Thaleszh Thaleszh deleted the test/oracle-spamming branch December 10, 2025 13:22