Duplicate token security vulnerability #181
Labels
Comments
|
i thought we were name spacing by contract address to prevent this? |
|
@okwme cosmos doesn't support long enough names to do this |
|
I see your comment here discussing this: #123 (comment) |
|
@jkbrooks still an issue. to resolve, would need to implement a custom token metadata module, either within the peggy codebase or for cosmos-sdk as a whole |
zmanian
added a commit
that referenced
this issue
Sep 8, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
With the change to remove whitelisting, the bridge is now vulnerable to an attacker who can duplicate tokens:
An attacker can duplicate any ERC20 that has come across the bridge by creating a copy of that ERC20's contract on Ethereum and relaying over copied tokens. The copied tokens will be indistinguishable from originals on the Cosmos side due to this security vulnerability.
The text was updated successfully, but these errors were encountered: