fix: add missing QuerySequence case to socket client resMatchesReq (backport #2844) #2937
Merged
rootulp merged 2 commits into v0.39.x-celestia from Apr 17, 2026
…2844)

## Summary

- The `resMatchesReq` function in the socket ABCI client (`abci/client/socket_client.go`) was missing a case for `Request_QuerySequence` ↔ `Response_QuerySequence`. When `QuerySequence` was called over the socket transport, the client treated the valid response as "unexpected", stopped itself with an error, and `killTMOnClientError` terminated the node process.
- This was reported via the Hacken bug bounty program as a remote DoS vector: a peer sends a `SeenTx` message with a non-empty `Signer`, the CAT reactor calls `querySequenceFromApplication`, which triggers the bug over the socket transport.
- **Real-world impact is low** because celestia-app (and Cosmos SDK apps in general) use the in-process local ABCI client, not the socket transport. The local client calls `QuerySequence` directly and is unaffected.
- The fix adds the missing case to `resMatchesReq`. A regression test (`TestQuerySequenceCrashesSocketClient`) is included.

## Test plan

- [x] `TestQuerySequenceCrashesSocketClient` — calls `QuerySequence` over the socket transport and verifies the client remains healthy
- [ ] Existing socket client tests still pass (`go test ./abci/client/...`)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

(cherry picked from commit d87f7d7)
ninabarbakadze approved these changes Apr 17, 2026
This is an automatic backport of pull request #2844 done by [Mergify](https://mergify.com).
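The missing-case failure described in the summary, as an added Go example that is not code from the pull request: the type names and the two-method table are simplified stand-ins for the project's ABCI wrapper types, and `unmatched` is a hypothetical completeness check that reports any method whose valid response the matcher rejects.

```go
package main

import "fmt"

// Simplified stand-ins for the ABCI request/response wrappers (assumed names).
type (
	ReqQuery         struct{}
	ReqQuerySequence struct{}
	ResQuery         struct{}
	ResQuerySequence struct{}
)

// matchBefore models a matcher with the QuerySequence pair missing: no case
// fires, ok stays false, and a valid response is reported as unexpected.
func matchBefore(req, res any) (ok bool) {
	switch req.(type) {
	case ReqQuery:
		_, ok = res.(ResQuery)
	}
	return ok
}

// matchAfter adds the missing case and defers to matchBefore for the rest.
func matchAfter(req, res any) (ok bool) {
	if _, isSeq := req.(ReqQuerySequence); isSeq {
		_, ok = res.(ResQuerySequence)
		return ok
	}
	return matchBefore(req, res)
}

// pairs lists every request kind with its valid response (constructed table).
var pairs = []struct {
	name     string
	req, res any
}{
	{"Query", ReqQuery{}, ResQuery{}},
	{"QuerySequence", ReqQuerySequence{}, ResQuerySequence{}},
}

// unmatched returns the methods whose valid response the matcher rejects.
func unmatched(match func(req, res any) bool) (missing []string) {
	for _, p := range pairs {
		if !match(p.req, p.res) {
			missing = append(missing, p.name)
		}
	}
	return missing
}

func main() { fmt.Println("before:", unmatched(matchBefore), "after:", unmatched(matchAfter)) }
```

Running a check like `unmatched` over every method in a unit test catches a request kind that was added to the interface but not to the matcher before it can stop the client at runtime.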