Another receiver can get tokens in IBC shielding transfer with an evil IBC relayer

[yito88]

Currently, MASP Transaction is built by an IBC relayer(Hermes) and is used at the destination Namada. However, even if Hermes replaces the actual receiver with another receiver payment address when building MASP Transaction, Namada VPs can't check if it is built with the proper receiver.

[yito88]

Users generate the proofs themselves (as 0.32 or earlier)

• Need to use the memo field to send it to the destination Namada

  • If a user wants to use the memo for another purpose, send tokens to a transparent address via IBC and then shielding-transfer to a shielded address on Namada

• Changes

  • Add the CLI command ibc-gen-shielding again to generate the proofs and output the serialized one
    • It can be set with --memo-path option in ibc-transfer
    • Cosmos-based chain user can set it with --memo

      gaiad tx ibc-transfer transfer [src-port] [src-channel] [receiver] [amount] --memo $(cat masp_tx.file)

  • Set the MASP Transaction to the memo when sending from a shielded address for refunding when timeout or ack with an error
    • Need to set two MASP Transactions for IBC shielded transfer between Namada chains
  • Extract the MASP Transaction from the memo in the packet when receiving/ack/timeout message
    • It is verified with the packet commitment in IBC VP (Calling IBC VP should be checked)
    • MASP VP also needs to extract it, instead of getting it from the tx section
  • Mint/Unescrow to the MASP account when the memo in the packet is MASP Transaction