Missing Outbound Disabled Check #332
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-414
edited-by-warden
satisfactory
satisfies C4 submission criteria; eligible for awards
sufficient quality report
This report is of sufficient quality
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
Lines of code
https://github.com/code-423n4/2023-11-zetachain/blob/b237708ed5e86f12c4bddabddfd42f001e81941a/repos/node/x/crosschain/keeper/keeper_cross_chain_tx_vote_outbound_tx.go#L61
Vulnerability details
Missing Outbound Disabled Check
The zetachain cosmos sdk application has various settings for enabling or disabling particular functionality within the `crosschainFlags` structure. These range from `IsInboundEnabled`, `IsOutboundEnabled`, gas flags and block header verification settings. These are meant to act as protections and settings for the administrator to control in the protocol. For instance, if a hack was occurring, an admin could simply disable inbound and outbound transactions in the protocol.
The flag `IsOutboundEnabled` is not used within the Zetachain Cosmos SDK at all. It is used by the `zetaclient` application though, admittedly. As a result, if this flag is enabled, it is still possible to vote on outbound transactions, when it should have been disabled already. This leads to situations where explicitly disabled functionality may still be usable.
If the admin of the system ONLY wanted to disable outbound event voting then this would be less than ideal but not the end of the world. Additionally, if the inbound is disabled then outbound will likely be disabled as well. If there's nothing coming on the inbound, then there is nothing going outbound anyway. Regardless of these limitations, the capability to disable outbound transactions is set within code, but not properly used by Zetachain, leading to the potential issues.
Proof of Concept
The proof of concept below sets up an inbound transaction and an outbound transaction. Prior to voting on the outbound transaction, the crosschain flag is set to disable outbound functionality. Regardless, the voting process still completes.
How to run the PoC:
`node/x/crosschain/keeper/keeper_cross_chain_tx_vote_inbound_tx_test.go`
`"github.com/zeta-chain/zetacore/common"`, `"fmt"` and `"cosmossdk.io/math"` into the imports of the file.
`go test -v ./x/crosschain/keeper -run TestKeeper_outbound_submission_missing_check` to execute the test case.
Remediation
Add a check for `isOutboundEnabled` to all locations where outbound transactions are being handled within the Zetachain code. By doing this, the protection can be used as designed. For instance, adding within the `VoteOnObservedOutboundTx` message.
Assessed type
Invalid Validation
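The check described under Remediation, shown beside the unguarded behaviour, as an added Go example that is not part of the original report and is not zetacore code. `Keeper`, `Votes`, `VoteOutboundUnchecked`, `VoteOutboundChecked` and `ErrOutboundDisabled` are hypothetical names; only the flag names come from the report.

```go
package main

import (
	"errors"
	"fmt"
)

// CrosschainFlags is a hypothetical stand-in for the flags structure the
// report describes; it is not the zetacore type.
type CrosschainFlags struct {
	IsInboundEnabled  bool
	IsOutboundEnabled bool
}

// ErrOutboundDisabled is a hypothetical error returned by the guarded handler.
var ErrOutboundDisabled = errors.New("outbound transactions are disabled")

// Keeper is a hypothetical model: the admin flags plus a vote count per ballot.
type Keeper struct {
	Flags CrosschainFlags
	Votes map[string]int
}

// VoteOutboundUnchecked models the reported behaviour: the vote is recorded
// without consulting IsOutboundEnabled.
func (k *Keeper) VoteOutboundUnchecked(ballot string) error {
	k.Votes[ballot]++
	return nil
}

// VoteOutboundChecked models the remediation: the message is rejected before
// any state change when the admin has disabled outbound processing.
func (k *Keeper) VoteOutboundChecked(ballot string) error {
	if !k.Flags.IsOutboundEnabled {
		return ErrOutboundDisabled
	}
	k.Votes[ballot]++
	return nil
}

func main() {
	// Constructed scenario: inbound enabled, outbound disabled by the admin.
	k := &Keeper{Flags: CrosschainFlags{IsInboundEnabled: true}, Votes: map[string]int{}}
	fmt.Println("unchecked:", k.VoteOutboundUnchecked("cctx-1"), k.Votes["cctx-1"])
	fmt.Println("checked:", k.VoteOutboundChecked("cctx-1"), k.Votes["cctx-1"])
}
```

Placing the check first in the handler means a rejected vote leaves the ballot state untouched.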