Closed code423n4 closed 3 years ago
tensors
Allowing anyone to very cheaply deploy and erc20 to cosmos will lead to large amounts of fakes/scams being deployed as well as other malicious behavior intended to make a profit by tricking users of the cosmos system.
https://github.com/althea-net/cosmos-gravity-bridge/blob/92d0e12cea813305e6472851beeb80bd2eaf858d/solidity/contracts/Gravity.sol#L546
If a coin is deemed necessary for the cosmos ecosystem it can be deployed by the validators of that ecosystem.
duplicate of #53
jkilpatr
commented
3 years ago
Handle
tensors
Vulnerability details
Impact
Allowing anyone to very cheaply deploy and erc20 to cosmos will lead to large amounts of fakes/scams being deployed as well as other malicious behavior intended to make a profit by tricking users of the cosmos system.
Proof of Concept
https://github.com/althea-net/cosmos-gravity-bridge/blob/92d0e12cea813305e6472851beeb80bd2eaf858d/solidity/contracts/Gravity.sol#L546
Recommended Mitigation Steps
If a coin is deemed necessary for the cosmos ecosystem it can be deployed by the validators of that ecosystem.