MsgRotateConsPubKey allows validators to update their consensus public key to a new key.

https://github.com/cosmos/cosmos-sdk/blob/d21620d1280538ddb1129af4979d62878850ff99/x/staking/keeper/msg_server.go#L645-L721

The rotation entry is stored in state and waits to be processed.

https://github.com/cosmos/cosmos-sdk/blob/d21620d1280538ddb1129af4979d62878850ff99/x/staking/keeper/cons_pubkey.go#L54-L62

Once the waiting period has elapsed, the EndBlocker dispatches []appmodule.ValidatorUpdate to notify CometBFT of the validator's new public key.

https://github.com/cosmos/cosmos-sdk/blob/d21620d1280538ddb1129af4979d62878850ff99/x/staking/keeper/val_state_change.go#L281-L297

https://github.com/cosmos/cosmos-sdk/blob/d21620d1280538ddb1129af4979d62878850ff99/baseapp/abci.go#L868-L872

The issue is that nothing validates that the key a validator rotates to is of a supported public key type.

https://github.com/cosmos/cosmos-sdk/blob/d21620d1280538ddb1129af4979d62878850ff99/x/staking/keeper/msg_server.go#L645-L721

For comparison, MsgCreateValidator queries the consensus parameter to ensure the public key type is whitelisted.

https://github.com/cosmos/cosmos-sdk/blob/d21620d1280538ddb1129af4979d62878850ff99/x/staking/keeper/msg_server.go#L71-L90

At the time of writing, CometBFT only supports ed25519, secp256k1 and bls12-381 public key types.

If a validator rotates to a secp256r1 public key, CometBFT returns an error.

https://github.com/cometbft/cometbft/blob/c5dfd20653babac1c06a1b0beb3a84c5d437faf1/abci/example/kvstore/kvstore.go#L203-L234

https://github.com/cometbft/cometbft/blob/c5dfd20653babac1c06a1b0beb3a84c5d437faf1/abci/example/kvstore/kvstore.go#L337-L341

https://github.com/cometbft/cometbft/blob/c5dfd20653babac1c06a1b0beb3a84c5d437faf1/abci/example/kvstore/kvstore.go#L456-L457

https://github.com/cometbft/cometbft/blob/c5dfd20653babac1c06a1b0beb3a84c5d437faf1/crypto/encoding/codec.go#L124-L169
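
The missing check described above, as an added example that is not Cosmos SDK or CometBFT code: a self-contained Go model comparing a rotation handler without the whitelist check to one with it. All names (`PubKey`, `RotateUnchecked`, `RotateChecked`, `EndBlock`) are hypothetical, and the same three-type list stands in for both the consensus parameter whitelist and the types the consensus engine accepts.

```go
package main

import "fmt"

// PubKey is a simplified stand-in for a consensus key; only its type matters here.
type PubKey struct{ Type string }

var ErrUnsupportedKeyType = fmt.Errorf("unsupported consensus pubkey type")

// allowed reports whether keyType appears in the given list of key types.
func allowed(types []string, keyType string) bool {
	for _, t := range types {
		if t == keyType {
			return true
		}
	}
	return false
}

// RotateUnchecked models the reported behaviour: any key type is queued.
func RotateUnchecked(queue []PubKey, k PubKey) ([]PubKey, error) {
	return append(queue, k), nil
}

// RotateChecked rejects the message up front, as the create-validator path does.
func RotateChecked(whitelist []string, queue []PubKey, k PubKey) ([]PubKey, error) {
	if !allowed(whitelist, k.Type) {
		return queue, fmt.Errorf("%w: %q not in %v", ErrUnsupportedKeyType, k.Type, whitelist)
	}
	return append(queue, k), nil
}

// EndBlock models the engine applying queued updates; failure here is block-level.
func EndBlock(engineTypes []string, queue []PubKey) error {
	for _, k := range queue {
		if !allowed(engineTypes, k.Type) {
			return fmt.Errorf("%w: %q reached the consensus engine", ErrUnsupportedKeyType, k.Type)
		}
	}
	return nil
}

func main() {
	types := []string{"ed25519", "secp256k1", "bls12-381"} // types the page lists
	bad := PubKey{Type: "secp256r1"}                       // constructed sample key
	q, _ := RotateUnchecked(nil, bad)
	fmt.Println("unchecked, fails at EndBlock:", EndBlock(types, q))
	_, err := RotateChecked(types, nil, bad)
	fmt.Println("checked, rejected at message time:", err)
}
```

With the check in the message handler, the unsupported key fails a single transaction instead of surfacing later during block processing.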

Impact

Chain halt, as CometBFT only supports ed25519, secp256k1 and bls12-381 public key types.

Proof of concept