You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This repo is an Evmos-based project, and Evmos uses a magic string to identify the opposing chain in IBC protocol to address this vulnerability.. But This practice is bad for their fork projects, as other projects can easily have differences in channel-id when building links with chains like ATOM, leading to incorrect implementations.
Failure to properly handle these channel-ids and claim methods may result in the above vulnerability not being fixed and still presenting the risk. This is because a malicious user can hijack the relevant channel-id to masquerade as an ATOM and Osmosis chain.
Impact
This issue may leave the claim method still at risk of the above vulnerability when this project's IBC and Claim function is alive.
We recommend removing the claim function when the claim method is not used or safeguard the consistency of chain-id to avoid potential risks resulting from future updates.
Please note that there are also issues related to the authentication of EVMchannels.
This means that IsEVMChannel() check are also at risk.
For Admin Use
Not duplicate issue
Appropriate labels applied
Appropriate contributors tagged
Contributor assigned/self-assigned
The text was updated successfully, but these errors were encountered:
Hellobloc
changed the title
Risk Report for Migration of Claimable Amount through IBC
Risky IBC channel-id Validation
Jun 3, 2024
Summary of Bug
This repo is an Evmos-based project, and Evmos uses a
magic string
to identify the opposing chain in IBC protocol to address this vulnerability.. But This practice is bad for their fork projects, as other projects can easily have differences inchannel-id
when building links with chains likeATOM
, leading to incorrect implementations.Failure to properly handle these
channel-ids
andclaim
methods may result in the above vulnerability not being fixed and still presenting the risk. This is because a malicious user can hijack the relevantchannel-id
to masquerade as anATOM
andOsmosis
chain.Impact
This issue may leave the claim method still at risk of the above vulnerability when this project's
IBC
andClaim
function is alive.Additional context
https://github.com/zama-ai/evmos/blob/main/x/claims/types/params.go#L146-L154
https://github.com/zama-ai/evmos/blob/main/x/claims/types/params.go#L25-L31
https://github.com/zama-ai/evmos/blob/main/x/claims/keeper/ibc_callbacks.go#L138-L140
Recommendations
We recommend removing the
claim
function when theclaim
method is not used or safeguard the consistency of chain-id to avoid potential risks resulting from future updates.Please note that there are also issues related to the authentication of
EVMchannels
.This means that
IsEVMChannel()
check are also at risk.For Admin Use
The text was updated successfully, but these errors were encountered: