From 278fa89f192af04af32d82fd5ef41f84f82edd97 Mon Sep 17 00:00:00 2001
From: DimitrisJim <d.f.hilliard@gmail.com>
Date: Fri, 5 Apr 2024 10:18:03 +0300
Subject: [PATCH] Merge pull request from GHSA-j496-crgh-34mx

Co-authored-by: srdtrk <srdtrk@hotmail.com>
---
 go.mod                            |  1 +
 modules/core/keeper/msg_server.go | 20 ++++++++++----------
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/go.mod b/go.mod
index 3462d4cb197..6721b3926ba 100644
--- a/go.mod
+++ b/go.mod
@@ -3,6 +3,7 @@ go 1.19
 module github.com/cosmos/ibc-go/v5
 
 retract (
+	[v5.3.1, v5.3.2] // contains ASA-2024-007 vulnerability
 	v5.3.0 // contains huckleberry vulnerability
 	v5.2.0 // contains huckleberry vulnerability
 	[v5.0.0, v5.1.1] // depends on SDK version < v0.46.7
diff --git a/modules/core/keeper/msg_server.go b/modules/core/keeper/msg_server.go
index f45cafe5c7c..ad505ca96fd 100644
--- a/modules/core/keeper/msg_server.go
+++ b/modules/core/keeper/msg_server.go
@@ -476,17 +476,17 @@ func (k Keeper) Timeout(goCtx context.Context, msg *channeltypes.MsgTimeout) (*c
 		return nil, sdkerrors.Wrap(err, "timeout packet verification failed")
 	}
 
+	// Delete packet commitment
+	if err = k.ChannelKeeper.TimeoutExecuted(ctx, cap, msg.Packet); err != nil {
+		return nil, err
+	}
+
 	// Perform application logic callback
 	err = cbs.OnTimeoutPacket(ctx, msg.Packet, relayer)
 	if err != nil {
 		return nil, sdkerrors.Wrap(err, "timeout packet callback failed")
 	}
 
-	// Delete packet commitment
-	if err = k.ChannelKeeper.TimeoutExecuted(ctx, cap, msg.Packet); err != nil {
-		return nil, err
-	}
-
 	defer func() {
 		telemetry.IncrCounterWithLabels(
 			[]string{"ibc", "timeout", "packet"},
@@ -542,6 +542,11 @@ func (k Keeper) TimeoutOnClose(goCtx context.Context, msg *channeltypes.MsgTimeo
 		return nil, sdkerrors.Wrap(err, "timeout on close packet verification failed")
 	}
 
+	// Delete packet commitment
+	if err = k.ChannelKeeper.TimeoutExecuted(ctx, cap, msg.Packet); err != nil {
+		return nil, err
+	}
+
 	// Perform application logic callback
 	//
 	// NOTE: MsgTimeout and MsgTimeoutOnClose use the same "OnTimeoutPacket"
@@ -551,11 +556,6 @@ func (k Keeper) TimeoutOnClose(goCtx context.Context, msg *channeltypes.MsgTimeo
 		return nil, sdkerrors.Wrap(err, "timeout packet callback failed")
 	}
 
-	// Delete packet commitment
-	if err = k.ChannelKeeper.TimeoutExecuted(ctx, cap, msg.Packet); err != nil {
-		return nil, err
-	}
-
 	defer func() {
 		telemetry.IncrCounterWithLabels(
 			[]string{"ibc", "timeout", "packet"},