fix(auth): audit issues with unordered txs

types/mempool/priority_nonce.go

@@ -224,13 +224,13 @@ func (mp *PriorityNonceMempool[C]) Insert(ctx context.Context, tx sdk.Tx) error
 	priority := mp.cfg.TxPriority.GetTxPriority(ctx, tx)
 	nonce := sig.Sequence
 
-	// if it's an unordered tx, we use the gas instead of the nonce
+	// if it's an unordered tx, we use the timeout timestamp instead of the nonce
 	if unordered, ok := tx.(sdk.TxWithUnordered); ok && unordered.GetUnordered() {
-		gasLimit, err := unordered.GetGasLimit()
-		nonce = gasLimit
-		if err != nil {
-			return err
+		timestamp := unordered.GetTimeoutTimeStamp().Unix()
+		if timestamp < 0 {
+			return errors.New("invalid timestamp value")
 		}
+		nonce = uint64(timestamp)
 	}
 
 	key := txMeta[C]{nonce: nonce, priority: priority, sender: sender}
@@ -469,13 +469,13 @@ func (mp *PriorityNonceMempool[C]) Remove(tx sdk.Tx) error {
 	sender := sig.Signer.String()
 	nonce := sig.Sequence
 
-	// if it's an unordered tx, we use the gas instead of the nonce
+	// if it's an unordered tx, we use the timeout timestamp instead of the nonce
 	if unordered, ok := tx.(sdk.TxWithUnordered); ok && unordered.GetUnordered() {
-		gasLimit, err := unordered.GetGasLimit()
-		nonce = gasLimit
-		if err != nil {
-			return err
+		timestamp := unordered.GetTimeoutTimeStamp().Unix()
+		if timestamp < 0 {
+			return errors.New("invalid timestamp value")
 		}
+		nonce = uint64(timestamp)
 	}
 
 	scoreKey := txMeta[C]{nonce: nonce, sender: sender}

types/mempool/sender_nonce.go

@@ -145,13 +145,13 @@ func (snm *SenderNonceMempool) Insert(_ context.Context, tx sdk.Tx) error {
 		snm.senders[sender] = senderTxs
 	}
 
-	// if it's an unordered tx, we use the gas instead of the nonce
+	// if it's an unordered tx, we use the timeout timestamp instead of the nonce
 	if unordered, ok := tx.(sdk.TxWithUnordered); ok && unordered.GetUnordered() {
-		gasLimit, err := unordered.GetGasLimit()
-		nonce = gasLimit
-		if err != nil {
-			return err
+		timestamp := unordered.GetTimeoutTimeStamp().Unix()
+		if timestamp < 0 {
+			return errors.New("invalid timestamp value")
 		}
+		nonce = uint64(timestamp)
 	}
 
 	senderTxs.Set(nonce, tx)
@@ -236,13 +236,13 @@ func (snm *SenderNonceMempool) Remove(tx sdk.Tx) error {
 	sender := sdk.AccAddress(sig.PubKey.Address()).String()
 	nonce := sig.Sequence
 
-	// if it's an unordered tx, we use the gas instead of the nonce
+	// if it's an unordered tx, we use the timeout timestamp instead of the nonce
 	if unordered, ok := tx.(sdk.TxWithUnordered); ok && unordered.GetUnordered() {
-		gasLimit, err := unordered.GetGasLimit()
-		nonce = gasLimit
-		if err != nil {
-			return err
+		timestamp := unordered.GetTimeoutTimeStamp().Unix()
+		if timestamp < 0 {
+			return errors.New("invalid timestamp value")
 		}
+		nonce = uint64(timestamp)
 	}
 
 	senderTxs, found := snm.senders[sender]

x/auth/ante/sigverify.go

@@ -320,18 +320,24 @@ func (svd SigVerificationDecorator) consumeSignatureGas(
 // verifySig will verify the signature of the provided signer account.
 func (svd SigVerificationDecorator) verifySig(ctx context.Context, tx sdk.Tx, acc sdk.AccountI, sig signing.SignatureV2, newlyCreated bool) error {
 	execMode := svd.ak.GetEnvironment().TransactionService.ExecMode(ctx)
-	if execMode == transaction.ExecModeCheck {
-		if sig.Sequence < acc.GetSequence() {
+	unorderedTx, ok := tx.(sdk.TxWithUnordered)
+	isUnordered := ok && unorderedTx.GetUnordered()
+
+	// only check sequence if the tx is not unordered
+	if !isUnordered {
+		if execMode == transaction.ExecModeCheck {
+			if sig.Sequence < acc.GetSequence() {
+				return errorsmod.Wrapf(
+					sdkerrors.ErrWrongSequence,
+					"account sequence mismatch: expected higher than or equal to %d, got %d", acc.GetSequence(), sig.Sequence,
+				)
+			}
+		} else if sig.Sequence != acc.GetSequence() {
 			return errorsmod.Wrapf(
 				sdkerrors.ErrWrongSequence,
-				"account sequence mismatch, expected higher than or equal to %d, got %d", acc.GetSequence(), sig.Sequence,
+				"account sequence mismatch: expected %d, got %d", acc.GetSequence(), sig.Sequence,
 			)
 		}
-	} else if sig.Sequence != acc.GetSequence() {
-		return errorsmod.Wrapf(
-			sdkerrors.ErrWrongSequence,
-			"account sequence mismatch: expected %d, got %d", acc.GetSequence(), sig.Sequence,
-		)
 	}
 
 	// we're in simulation mode, or in ReCheckTx, or context is not

x/auth/ante/unordered.go

@@ -17,7 +17,9 @@ import (
 
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
+	"github.com/cosmos/cosmos-sdk/types/tx/signing"
 	"github.com/cosmos/cosmos-sdk/x/auth/ante/unorderedtx"
+	authsigning "github.com/cosmos/cosmos-sdk/x/auth/signing"
 )
 
 // bufPool is a pool of bytes.Buffer objects to reduce memory allocations.
@@ -146,8 +148,12 @@ func (d *UnorderedTxDecorator) ValidateTx(ctx context.Context, tx transaction.Tx
 
 // TxIdentifier returns a unique identifier for a transaction that is intended to be unordered.
 func TxIdentifier(timeout uint64, tx sdk.Tx) ([32]byte, error) {
-	feetx := tx.(sdk.FeeTx)
-	if feetx.GetFee().IsZero() {
+	sigTx, ok := tx.(authsigning.Tx)
+	if !ok {
+		return [32]byte{}, errorsmod.Wrap(sdkerrors.ErrTxDecode, "invalid transaction type")
+	}
+
+	if sigTx.GetFee().IsZero() {
 		return [32]byte{}, errorsmod.Wrap(
 			sdkerrors.ErrInvalidRequest,
 			"unordered transaction must have a fee",
@@ -159,6 +165,18 @@ func TxIdentifier(timeout uint64, tx sdk.Tx) ([32]byte, error) {
 	buf.Reset()
 	defer bufPool.Put(buf)
 
+	// Add signatures to the transaction identifier
+	signatures, err := sigTx.GetSignaturesV2()
+	if err != nil {
+		return [32]byte{}, err
+	}
+
+	for _, sig := range signatures {
+		if err := addSignatures(sig.Data, buf); err != nil {
+			return [32]byte{}, err
+		}
+	}
+
 	// Use the buffer
 	for _, msg := range tx.GetMsgs() {
 		// loop through the messages and write them to the buffer
@@ -189,7 +207,7 @@ func TxIdentifier(timeout uint64, tx sdk.Tx) ([32]byte, error) {
 	}
 
 	// write gas to the buffer
-	if err := binary.Write(buf, binary.LittleEndian, feetx.GetGas()); err != nil {
+	if err := binary.Write(buf, binary.LittleEndian, sigTx.GetGas()); err != nil {
 		return [32]byte{}, errorsmod.Wrap(
 			sdkerrors.ErrInvalidRequest,
 			"failed to write unordered to buffer",
@@ -201,3 +219,27 @@ func TxIdentifier(timeout uint64, tx sdk.Tx) ([32]byte, error) {
 	// Return the Buffer to the pool
 	return txHash, nil
 }
+
+func addSignatures(sig signing.SignatureData, buf *bytes.Buffer) error {
+	switch data := sig.(type) {
+	case *signing.SingleSignatureData:
+		if _, err := buf.Write(data.Signature); err != nil {
+			return errorsmod.Wrap(
+				sdkerrors.ErrInvalidRequest,
+				"failed to write single signature to buffer",
+			)
+		}
+		return nil
+
+	case *signing.MultiSignatureData:
+		for _, sigdata := range data.Signatures {
+			if err := addSignatures(sigdata, buf); err != nil {
+				return err
+			}
+		}
+	default:
+		return fmt.Errorf("unexpected SignatureData %T", data)
+	}
+
+	return nil
+}