wormchain: wormhole: Don't allow changes to the consensus guardian set

This would allow a jailed guardian to simply register a new validator
address and bypass the jail.

wormhole_chain/x/wormhole/keeper/msg_server_register_account_as_guardian.go

@@ -46,6 +46,12 @@ func (k msgServer) RegisterAccountAsGuardian(goCtx context.Context, msg *types.M
 	// we don't allow registration of arbitrary public keys, since that would
 	// enable a DoS vector
 	latestGuardianSetIndex := k.Keeper.GetLatestGuardianSetIndex(ctx)
+	consensusGuardianSetIndex, found := k.GetConsensusGuardianSetIndex(ctx)
+
+	if found && latestGuardianSetIndex == consensusGuardianSetIndex.Index {
+		return nil, types.ErrConsensusSetNotUpdatable
+	}
+
 	latestGuardianSet, found := k.Keeper.GetGuardianSet(ctx, latestGuardianSetIndex)
 
 	if !found {

wormhole_chain/x/wormhole/types/errors.go

@@ -30,4 +30,5 @@ var (
 	ErrNewGuardianSetHasExpiry        = sdkerrors.Register(ModuleName, 1119, "new guardian set should not have expiry time")
 	ErrDuplicateGuardianAddress       = sdkerrors.Register(ModuleName, 1120, "guardian set has duplicate addresses")
 	ErrSignerAlreadyRegistered        = sdkerrors.Register(ModuleName, 1121, "transaction signer already registered as a guardian validator")
+	ErrConsensusSetNotUpdatable       = sdkerrors.Register(ModuleName, 1122, "cannot make changes to active consensus guardian set")
 )