You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Looks like we haven't checked who actually emits the events in the receipts. An observer/admin can submit a fake inTx hash with fake event (not by our connector/ERC20Custody contract) to get funds released for their own benefit.
The text was updated successfully, but these errors were encountered:
func-1: https://github.com/zeta-chain/node/blob/hotfix-v11.0.3/zetaclient/inbound_tracker.go#L167
func-2: https://github.com/zeta-chain/node/blob/hotfix-v11.0.3/zetaclient/inbound_tracker.go#L201
Looks like we haven't checked who actually emits the events in the receipts. An observer/admin can submit a fake inTx hash with fake event (not by our connector/ERC20Custody contract) to get funds released for their own benefit.
The text was updated successfully, but these errors were encountered: