You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[H-5] Anyone can override the handler records using the same trasnferId and failing bundle
Description
If try this.xBundle(actions, args) fails inside xReceive of the router, and the contract has dormant funds; a record is made inside the handler in the name of transferId, and funds are transferred there.
However, since anyone can call xReceive, one can call it with the same transferId later, make the bundle fail on purpose, and override the content inside the handler.
Remediation
Consider quering connext to check if the transferId passed is already processed.
The text was updated successfully, but these errors were encountered:
[H-5] Anyone can override the handler records using the same trasnferId and failing bundle
Description
If
try this.xBundle(actions, args)fails insidexReceiveof the router, and the contract has dormant funds; a record is made inside the handler in the name oftransferId, and funds are transferred there.However, since anyone can call
xReceive, one can call it with the sametransferIdlater, make the bundle fail on purpose, and override the content inside the handler.Remediation
Consider quering connext to check if the transferId passed is already processed.
The text was updated successfully, but these errors were encountered: