Canto contest - technicallyty's results

Execution layer for original work.

General Information

Platform: Code4rena

Start Date: 14/06/2022

Pot Size: $100,000 USDC

Total HM: 26

Participants: 59

Period: 7 days

Judge: GalloDaSballo

Total Solo HM: 9

Id: 133

League: ETH

Canto

Findings Distribution

Researcher Performance

Rank: 48/59

Findings: 1

Award: $183.57

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

72.4555 USDC - $72.46

687.9945 CANTO - $111.11

Labels

bug
QA (Quality Assurance)


LendingMarketProposal.ValidateBasic() passes with no metadata

Affected Lines: https://github.com/Plex-Engineer/manifest/blob/main/x/unigov/types/proposal.go#L63-L65

If no LendingMarketMetadata is provided, the ValidateBasic call still passes. The transaction is then forwarded and processing resources are wasted on an invalid proposal.

Test:

package types

import (
	"testing"

	"github.com/stretchr/testify/require"
)

func TestLendingMarketProposal_ValidateBasic(t *testing.T) {
	// Only a title and description are set; no LendingMarketMetadata at all.
	p := LendingMarketProposal{
		Title:       "hi",
		Description: "there",
	}
	err := p.ValidateBasic()
	require.NoError(t, err) // passes today, which is the bug
}

The test above passes even though there is no metadata, producing a bogus govhandler.

TreasuryProposal needs better validation

More fields could be validated to stop bad proposals from getting through.

Affected Lines: https://github.com/Plex-Engineer/manifest/blob/main/x/unigov/types/proposal.go#L82-L89

Suggestion:

  • check that the recipient is a valid address
  • check that the amount is > 0
  • make "canto" and "note" constants rather than hard-coding them in the validate function itself
  • remove the prop ID from the proposal and simply fetch it during proposal processing. What if someone passes a bad value? It is better not to let the user supply a value that could be wrong and that is non-trivial to fetch from the state machine itself.
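As an added illustration of both the metadata gap above and the treasury checks just listed (not code from the manifest repository), the following stand-in types carry a ValidateBasic that rejects a metadata-less lending-market proposal and enforces recipient, amount and denomination checks on a treasury proposal; the type and field names, the constant names and the recipient check are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Accepted denominations as named constants rather than string literals
// hard-coded in the validate function (all names here are assumptions);
// SampleRecipient is a constructed, address-shaped string, not a real account.
const (
	DenomCanto = "canto"
	DenomNote  = "note"
)
var SampleRecipient = "canto1" + strings.Repeat("q", 38)
// Simplified stand-ins for the module's proposal types; field names are assumed.
type LendingMarketMetadata struct{ Account []string }
type LendingMarketProposal struct {
	Title, Description string
	Metadata           *LendingMarketMetadata
}
type TreasuryProposal struct {
	Title, Description, Recipient, Denom string
	Amount                               int64
}

// ValidateBasic now fails the report's test case: a proposal with title and
// description set but no metadata attached.
func (p LendingMarketProposal) ValidateBasic() error {
	if p.Metadata == nil || len(p.Metadata.Account) == 0 {
		return errors.New("lending market metadata is required")
	}
	return nil
}

// ValidateBasic applies the report's suggested treasury checks; the recipient
// check is a stand-in for sdk.AccAddressFromBech32 (prefix and length only).
func (p TreasuryProposal) ValidateBasic() error {
	switch {
	case len(p.Recipient) != 44 || p.Recipient[:6] != "canto1":
		return fmt.Errorf("invalid recipient address %q", p.Recipient)
	case p.Amount <= 0:
		return errors.New("amount must be greater than zero")
	case p.Denom != DenomCanto && p.Denom != DenomNote:
		return fmt.Errorf("unsupported denom %q", p.Denom)
	}
	return nil
}
```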

AppendLendingMarketProposal: code smell in where the error is returned (if you decide to keep PropID in the proto object).

The error should be declared and returned in the scope where it arises.

Affected Lines: https://github.com/Plex-Engineer/manifest/blob/main/x/unigov/keeper/proposals.go#L23-L29

Suggested Change:

	// Resolve the proposal ID only when the caller did not supply one, and
	// handle the lookup error inside the block that produces it.
	if m.GetPropId() == 0 {
		var err error
		m.PropId, err = k.govKeeper.GetProposalID(ctx)
		if err != nil {
			return nil, sdkerrors.Wrap(err, "Error obtaining Proposal ID")
		}
	}

#0 - GalloDaSballo

2022-08-03T23:38:24Z

I think the findings are valid but they are related to test files.

Will give you 1 Low finding.
