task: replace unwrap() calls in genesis state decoding (PM-20204)#766
Merged
Conversation
Audit finding Issue M: Node can panic on startup due to unwrap() calls in genesis state decoding (node/src/command.rs). Co-authored-by: Cursor <cursoragent@cursor.com>
Contributor
…pagation Extract `decode_genesis_state` function from `run_node` to replace three chained unwrap() calls that panic when chain spec properties contain missing, non-string, or malformed hex genesis_state values. - Return typed sc_cli::Error::Input with descriptive messages - Add 256 MiB upper bound validation on decoded genesis state size - Add 7 unit tests covering all error paths and boundary conditions Resolves: PM-20204 (Least Authority audit Issue M) Co-authored-by: Cursor <cursoragent@cursor.com>
…into task/PM-20204-node-panic-on-startup
Co-authored-by: Cursor <cursoragent@cursor.com>
Drop decode_genesis_state_oversized and decode_genesis_state_at_size_limit tests that each allocated ~512 MiB to verify a trivial integer comparison. The size guard remains in the implementation; the five remaining tests cover all three error paths, the happy path, and the empty-input edge case. Co-authored-by: Cursor <cursoragent@cursor.com>
gilescope
approved these changes
Feb 27, 2026
Summary

Replace three `unwrap()` calls in genesis state decoding with proper error propagation, preventing node panics on malformed chain specifications. Addresses Least Authority audit finding Issue M (High severity).

🎫 PM-20204
📐 Engineering

Motivation

The node panics on startup when the chain specification contains a missing, non-string, or invalid-hex `genesis_state` property. Three `unwrap()` calls in `run_node` (node/src/command.rs) abort the process instead of returning actionable error messages. This prevents operators from diagnosing configuration problems and is classified as a High severity finding in the Q4 2025 Least Authority security audit (Issue M, parent epic PM-19974).

Changes

- `decode_genesis_state` function: extracted from inline `run_node` code. Returns `sc_cli::Result<Vec<u8>>` with descriptive `sc_cli::Error::Input` errors for: missing key, non-string value, invalid hex encoding
- Size bound (`MAX_GENESIS_STATE_BYTES`) prevents unbounded allocation from adversarial chain specs
- `changes/changed/fix-genesis-state-decode-panic.md` for release notes

📌 Submission Checklist

🔱 Fork Strategy

🗹 TODO before merging
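The decoding path described above, as an added example that is not the project's code: a stand-alone sketch of how a `decode_genesis_state` function can return typed errors for the missing, non-string and bad-hex cases and enforce the size bound before allocating. `Prop` stands in for `serde_json::Value`, `InputError` for `sc_cli::Error::Input`, and acceptance of an optional `0x` prefix is an assumption.

```rust
// Added example (not the project's code). `Prop` and `InputError` are
// stand-ins (assumptions) for serde_json::Value and sc_cli::Error::Input.
use std::collections::HashMap;

/// Minimal stand-in for a chain-spec property value (assumption).
pub enum Prop { Str(String), Other }

/// Stand-in for sc_cli::Error::Input: a descriptive message for the operator.
#[derive(Debug, PartialEq)]
pub struct InputError(pub String);

/// Upper bound on the decoded genesis state; 256 MiB per the PR commit message.
pub const MAX_GENESIS_STATE_BYTES: usize = 256 * 1024 * 1024;

/// Decode the `genesis_state` property without panicking: each failure path
/// returns a typed error naming the problem instead of calling unwrap().
pub fn decode_genesis_state(props: &HashMap<String, Prop>) -> Result<Vec<u8>, InputError> {
    let raw = match props.get("genesis_state") {
        Some(Prop::Str(s)) => s,
        Some(_) => return Err(InputError("chain spec property `genesis_state` must be a string".into())),
        None => return Err(InputError("chain spec is missing the `genesis_state` property".into())),
    };
    // Assumption: an optional 0x prefix is tolerated.
    let hex = raw.strip_prefix("0x").unwrap_or(raw);
    if hex.len() % 2 != 0 {
        return Err(InputError(format!("`genesis_state` hex has odd length {}", hex.len())));
    }
    // Check the bound on the encoded text before allocating the output buffer,
    // so an adversarial chain spec cannot force an unbounded allocation.
    if hex.len() / 2 > MAX_GENESIS_STATE_BYTES {
        return Err(InputError(format!("`genesis_state` exceeds {} bytes", MAX_GENESIS_STATE_BYTES)));
    }
    let mut out = Vec::with_capacity(hex.len() / 2);
    for (i, pair) in hex.as_bytes().chunks(2).enumerate() {
        let nibble = |c: u8| (c as char).to_digit(16).map(|d| d as u8);
        match (nibble(pair[0]), nibble(pair[1])) {
            (Some(hi), Some(lo)) => out.push(hi << 4 | lo),
            _ => return Err(InputError(format!(
                "`genesis_state` has invalid hex at byte offset {}", i * 2
            ))),
        }
    }
    Ok(out)
}
```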