# fix(oracle): handle ValAddressFromBech32 error

[ngapaxs]

Severity: LOW
File: x/oracle/abci.go
Line: 56
Repository: https://github.com/KiiChain/kiichain
Version: v6.1.0
Commit: 79bdc96
Issue: #234
PR: #240
Auditor: ngapaxs
Date: 2025-01-19

---

Summary

Found an ignored error in the oracle module's EndBlocker. When parsing validator addresses fails, the code just ignores it with _, which means that validator gets skipped silently.

---

Affected Code

if validator.IsBonded() {
    valPower := validator.GetConsensusPower(powerReduction)
    operator := validator.GetOperator()
    operatorAddr, _ := sdk.ValAddressFromBech32(operator)  // error ignored here
    claim := types.NewClaim(valPower, 0, 0, false, operatorAddr)
    validatorClaimMap[operator] = claim
}

---

Root Cause

The error from ValAddressFromBech32 gets ignored with _. If parsing fails, operatorAddr ends up nil and the claim gets an invalid recipient.

---

Impact

• Validators that fail to parse just get skipped
• Their delegation power doesn't count in the vote
• Voting power ends up wrong (missing some validators)
• Runs every vote period so this could happen often

---

Recommended Fix

operatorAddr, err := sdk.ValAddressFromBech32(operator)
if err != nil {
    ctx.Logger().Error("failed to parse operator address", "operator", operator, "error", err)
    continue
}

Just log the error and skip that validator. Don't return error because that could let malicious validators disable the whole module.

---

Reference

https://github.com/KiiChain/kiichain/blob/v6.1.0/x/oracle/abci.go#L56

[coderabbitai]

Warning

Rate limit exceeded

@ngapaxs has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 10 minutes and 59 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 3c71e75 and d6216d3.

📒 Files selected for processing (1)

• x/oracle/keeper/endblocker_coverage_test.go

Walkthrough

EndBlocker in x/oracle/abci.go now checks the error returned by sdk.ValAddressFromBech32 when converting validator operator strings; on error it logs the operator and error and continues to the next validator. A new unit test TestSlashAndResetCounters_ValidatorNotFound was added in x/oracle/endblocker_error_test.go (plus a .backup variant containing additional tests). fix_test.go was adjusted to construct a valid 20-byte ValAddress. CHANGELOG.md was updated with entries referencing the ValAddressFromBech32 handling and a CI refresh.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related issues

• KiiChain/kiichain issue 234 — Addresses the ignored error from ValAddressFromBech32 in EndBlocker by adding error handling and skipping invalid operator addresses.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: handling the ValAddressFromBech32 error in the oracle module's EndBlocker, which is the core fix in the changeset.
Description check	✅ Passed	The description is comprehensive and directly related to the changeset, providing severity, affected file, root cause, impact, and recommended fix for the error handling issue.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@CHANGELOG.md`:
- Line 20: The changelog entry incorrectly states the fix is in
pickReferenceDenom; update the CHANGELOG.md entry to reference the actual
location and symbols changed: the fix is in the EndBlocker function in
x/oracle/abci.go (where ValAddressFromBech32 error handling prevents a nil
operatorAddr). Edit the line to say the error handling for ValAddressFromBech32
was added in EndBlocker to prevent nil operatorAddr and link the same PR/issue
number.
- Line 52: Remove the duplicate changelog entry that references handling the
error from ValAddressFromBech32 in pickReferenceDenom: delete the line "Handle
error from ValAddressFromBech32 in pickReferenceDenom to prevent nil
operatorAddr [`#234`]" from the v6.0.0 Fixed section (leave it in UNRELEASED)
unless you intend to publish a v6.0.x patch release; ensure only one occurrence
remains and that the UNRELEASED entry is preserved if this is not a backport.

🧹 Nitpick comments (1)

x/oracle/abci.go (1)

61-64: Nit: Extra blank line.

There's a redundant blank line at line 62. Consider removing it for consistency.

Suggested fix

 				operatorAddr, err := sdk.ValAddressFromBech32(operator)
 				if err != nil {
 					ctx.Logger().Error("failed to parse operator address", "operator", operator, "error", err)
 					continue
 				}
-
 				claim := types.NewClaim(valPower, 0, 0, false, operatorAddr) // Create claim object

[codecov]

Codecov Report

❌ Patch coverage is 20.00000% with 4 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
x/oracle/abci.go	25.00%	2 Missing and 1 partial ⚠️
x/feeabstraction/keeper/fee.go	0.00%	1 Missing ⚠️

📢 Thoughts on this report? Let us know!

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@x/oracle/validator_parsing_test.go`:
- Around line 11-17: The subtest "Valid validator address parsing" currently
discards the results of sdk.ValAddressFromBech32 and uses an invalid bech32
string; update the test to call sdk.ValAddressFromBech32 with a properly-formed
bech32 validator address, capture the returned (valAddr, err), and assert err is
nil (e.g., using t.Fatalf/t.Errorf or your test assertion helper) and optionally
assert the parsed address equals the expected value; ensure the test uses
sdk.ValAddressFromBech32 and the t.Run block to perform these checks instead of
ignoring the return values.
- Around line 19-34: The tests currently only call sdk.ValAddressFromBech32 and
do not exercise the EndBlocker logic; add an integration test that constructs a
validator record with an invalid operator address, calls the module's EndBlocker
(the EndBlocker function in abci.go), and then asserts the invalid validator was
skipped by checking the validatorClaimMap does not contain that validator's key
(and optionally assert the logger captured an error); update or remove the
misleading comments that claim ValAddressFromBech32 invocation triggers
EndBlocker error handling, and reference EndBlocker, validatorClaimMap, and
sdk.ValAddressFromBech32 when locating the relevant code to modify.

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

x/oracle/abci.go (1)

56-63: Critical: Missing closing brace for the if block — code will not compile.

The if err != nil { block opened at line 57 is never closed. There must be a } before the claim := types.NewClaim(...) statement on line 61.

🐛 Proposed fix

 				// Parse the operator address
 				operatorAddr, err := sdk.ValAddressFromBech32(operator)
 				if err != nil {
 					ctx.Logger().Error("failed to parse operator address", "operator", operator, "error", err)
 					continue
+				}
 
 				claim := types.NewClaim(valPower, 0, 0, false, operatorAddr) // Create claim object

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@x/oracle/endblocker_error_test.go`:
- Around line 42-60: The test TestSlashAndResetCounters_ValidatorNotFound uses
keeper.ValAddrs[0] which is likely a registered validator; change the setup so
the validator truly does not exist by either creating a new random
sdk.ValAddress (not registered with the staking keeper) and using that as
nonExistentValidator before calling oracleKeeper.VotePenaltyCounter.Set, or
explicitly remove keeper.ValAddrs[0] from the staking keeper (unregister/delete
the validator) before invoking oracleKeeper.SlashAndResetCounters; update
references to nonExistentValidator, oracleKeeper.VotePenaltyCounter.Set, and
oracleKeeper.SlashAndResetCounters accordingly so the test asserts behavior for
a truly missing validator.
- Around line 16-40: TestEndBlocker_InvalidValidatorAddress currently uses
keeper.ValAddrs[0] which is valid, so change the test to insert a deliberately
malformed validator operator address into the staking state before calling
EndBlocker: create a stakingtypes.Validator with OperatorAddress set to an
invalid string (e.g., "invalid") and store it in the staking keeper so
EndBlocker will encounter it; keep the valid AggregateExchangeRateVote for a
real validator (using AggregateExchangeRateVote.Set with keeper.ValAddrs[0]) and
then call EndBlocker(ctx, oracleKeeper) and assert no error, and still verify
normal processing (e.g., oracleKeeper.ExchangeRate.Get for utils.AtomDenom) to
ensure the invalid operator was skipped while valid validators were processed.

🧹 Nitpick comments (1)

x/oracle/endblocker_error_test.go (1)

62-82: This test validates SDK parsing, not module behavior.

Directly calling sdk.ValAddressFromBech32 doesn’t verify EndBlocker’s error handling or skip logic. Consider folding these cases into an EndBlocker test that feeds invalid operator strings and asserts that processing continues without panics.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@x/oracle/endblocker_error_test.go`:
- Around line 15-16: The test currently constructs nonExistentValidator using
sdk.ValAddress("truly_non_existent_validator"), which can produce an
invalid-length address and cause address-format errors; replace that with a
valid-length but unregistered validator address (e.g., derive a 20-byte zeroed
or random slice of correct length and cast to sdk.ValAddress) so the call to
oracleKeeper.VotePenaltyCounter.Set(ctx, nonExistentValidator,
types.NewVotePenaltyCounter(1, 0, 0)) exercises the "validator not found" path
rather than failing on address validation.

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In `@x/oracle/endblocker_error_test.go.backup`:
- Line 1: The test file currently has a non-Go extension and won't be run;
rename the file from endblocker_error_test.go.backup to endblocker_error_test.go
so the Go toolchain will compile and execute the tests in package oracle (the
package declaration "package oracle" and any tests within functions like Test...
will then be discovered).
- Line 22: The variable stakingKeeper (assigned from input.StakingKeeper) is
declared but unused causing a compile error; either remove the unused
declaration or use it in the test. Locate the assignment to stakingKeeper in the
test (stakingKeeper := input.StakingKeeper) and either delete that line or
replace its usage with input.StakingKeeper where needed, or add
assertions/operations that reference stakingKeeper so it is used (e.g., calls or
checks involving stakingKeeper methods/state).
- Around line 71-85: The test currently tries to assign a function to
stakingKeeper.Validator which won't compile; replace that with a proper mock
that implements the staking keeper interface (e.g., define type
mockStakingKeeper struct { /* implement or embed keeper.StakingKeeper */ } and
implement the Validator(ctx sdk.Context, addr sdk.ValAddress)
(stakingtypes.ValidatorI, error) method to return your invalidValidator), then
use an instance of mockStakingKeeper in the test instead of assigning a
function. Also replace deprecated sdk.NewInt and sdk.NewDec calls with
math.NewInt and math.LegacyNewDec when constructing invalidValidator.Tokens and
invalidValidator.DelegatorShares.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@fix_test.go`:
- Around line 1-2: The file lacks a Go package declaration, imports, and a test
wrapper so it won't compile; wrap the snippet into a proper test by adding a
package line (e.g., package <yourpackage>_test or package <yourpackage>), import
"testing" and the SDK package that defines sdk.ValAddress, and move the line
creating nonExistentValidator := sdk.ValAddress(make([]byte, 20)) inside a
Test... function (e.g., func TestNonExistentValidator(t *testing.T)) so the
compiler/CI can run it; alternatively, remove this file and merge the line into
the existing test file (e.g., endblocker_error_test.go) ensuring imports and
test function are present.