Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

we should check who emits the event of ZetaSent/Deposited when processing inbound trackers #1537

Closed
ws4charlie opened this issue Jan 8, 2024 · 0 comments · Fixed by #1539
Closed

we should check who emits the event of ZetaSent/Deposited when processing inbound trackers #1537

ws4charlie opened this issue Jan 8, 2024 · 0 comments · Fixed by #1539
Assignees
@ws4charlie
Labels
bug Something isn't working

Comments

@ws4charlie
Copy link
Contributor

func-1: https://github.com/zeta-chain/node/blob/hotfix-v11.0.3/zetaclient/inbound_tracker.go#L167
func-2: https://github.com/zeta-chain/node/blob/hotfix-v11.0.3/zetaclient/inbound_tracker.go#L201

Looks like we haven't checked who actually emits the events in the receipts. An observer/admin can submit a fake inTx hash with fake event (not by our connector/ERC20Custody contract) to get funds released for their own benefit.
@ws4charlie ws4charlie self-assigned this Jan 8, 2024
@ws4charlie ws4charlie added the bug Something isn't working label Jan 8, 2024
@ws4charlie ws4charlie mentioned this issue Jan 9, 2024
Merged
10 tasks
This was referenced Jan 18, 2024
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ws4charlie ws4charlie

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: sanity check events of ZetaSent/ZetaReceived/ZetaReverted/Withdrawn/Deposited zeta-chain/node
1 participant
@ws4charlie