lapidix/ibc-timeout-bug-poc

IBC Timeout Bug PoC

This project is a simple proof of concept to reproduce a bug in IBC transactions through ibc-go, specifically related to packet timeout block height.

Bug Description

The bug occurs when executing an IBC transaction using --packet-timeout-height 9000-9100 --packet-timeout-timestamp 0. Even when specifying a Revision Number higher than the actual Revision Number of the chain, the transaction is processed normally without any errors.

Expected Behavior

When specifying a Revision Number higher than the actual Revision Number, the system should consider it an invalid timeout setting and return an error.

Actual Behavior

Even when specifying a Revision Number higher than the actual Revision Number, the transaction is processed normally without any errors.

Test Environment

  • ibc-go version: v8.7.0
  • Hermes version: v1.7.4

Requirements

  • Docker and Docker Compose
  • jq
  • curl

Installation and Execution

1. Clone the Project

git clone https://github.com/lapidix/ibc-timeout-bug-poc.git
cd ibc-timeout-bug-poc

2. Start Docker Containers

make start

3. Execute IBC Transaction

make ibc-tx

4. Query Transaction via HTTP API

make fetch-tx

5. Cleanup

# Clean only transaction data
make clean-tx

# Clean all data and stop Docker containers
make stop

Key Commands

Command          Description
make start       Start Docker containers
make ibc-tx      Execute IBC transfer, query, and extract send_packet event
make fetch-tx    Query transaction via HTTP API and extract send_packet event
make clean-tx    Clean only transaction data
make stop        Stop Docker containers and clean all data
make clean       Clean all data
make check-ibc   Check IBC channel status
make help        Display help

Checking Saved JSON Files

After executing a transaction, the following files are created in the tx folder:

  1. latest_tx_hash - The most recent transaction hash
  2. tx_[TX_HASH].json - Complete transaction information
  3. send_packet_[TX_HASH].json - send_packet event information

Important Fields in send_packet Event

{
  "type": "send_packet",
  "attributes": [
    {
      "key": "packet_timeout_height",
      "value": "9001-9138"
    },
    {
      "key": "packet_timeout_timestamp",
      "value": "0"
    },
    {
      "key": "packet_sequence",
      "value": "1"
    },
    {
      "key": "packet_src_port",
      "value": "transfer"
    },
    {
      "key": "packet_src_channel",
      "value": "channel-0"
    }
  ]
}

The packet_timeout_height field in particular indicates the block height at which the packet timeout occurs. This value plays a crucial role in reproducing the bug.

How to Verify Bug Reproduction

  1. Run the make ibc-tx command to execute an IBC transaction.
  2. Check the send_packet_[TX_HASH].json file created in the tx folder.
  3. Verify the packet_timeout_height value. It will be displayed in a format like 9001-9138.
  4. The first value (9001) represents the Revision Number. The bug is that the transaction is processed successfully even when this value is higher than the actual Revision Number of the network.
  5. In this project, the actual Revision Number is 1, but we specified an invalid value of 9000 using the --packet-timeout-height 9000-9100 option, and yet the transaction is processed normally.
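
The verification steps above can be automated. The following is an added example, not part of this repository: a Python check that reads a saved send_packet event, splits packet_timeout_height into revision number and revision height, and compares the revision with the chain's actual one. The function names and the chain_revision parameter are assumptions; the sample event is the one shown on this page, embedded as constructed input.

```python
import json
import re

# Constructed sample: the send_packet event shown on this page.
SAMPLE_EVENT = json.loads("""
{"type": "send_packet", "attributes": [
  {"key": "packet_timeout_height", "value": "9001-9138"},
  {"key": "packet_timeout_timestamp", "value": "0"},
  {"key": "packet_sequence", "value": "1"},
  {"key": "packet_src_port", "value": "transfer"},
  {"key": "packet_src_channel", "value": "channel-0"}]}
""")

# Heights are written as <revision number>-<revision height>.
HEIGHT_RE = re.compile(r"^(\d+)-(\d+)$")


def parse_timeout_height(event):
    """Return (revision_number, revision_height) from a send_packet event."""
    if event.get("type") != "send_packet":
        raise ValueError("not a send_packet event")
    attrs = {a["key"]: a["value"] for a in event.get("attributes", [])}
    match = HEIGHT_RE.match(attrs.get("packet_timeout_height", ""))
    if match is None:
        raise ValueError("missing or malformed packet_timeout_height")
    return int(match.group(1)), int(match.group(2))


def check_timeout_revision(event, chain_revision):
    """Compare the timeout revision with the chain's actual revision.

    chain_revision is supplied by the caller (assumption: 1 in this project).
    """
    revision, height = parse_timeout_height(event)
    if revision == 0 and height == 0:
        return "no-height-timeout"      # zero height: height timeout disabled
    if revision > chain_revision:
        return "revision-above-chain"   # the case this PoC reproduces
    if revision < chain_revision:
        return "revision-below-chain"
    return "ok"


if __name__ == "__main__":
    # To check a real run, load tx/send_packet_[TX_HASH].json instead.
    print(check_timeout_revision(SAMPLE_EVENT, chain_revision=1))
```
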
