code-423n4 / 2021-08-gravitybridge-findings


Does the cosmos-sdk listen to only 1 gravity.sol contract address? #14

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

tensors

Vulnerability details

Recently Thorchain (which uses cosmos) was hacked because the Thorchain environment listened to emitted events from routers other than the intended one. This allowed a hacker to create a malicious router.

Within the eth_main_loop of the orchestrator, is the gravity.sol contract address a hard-coded constant, so that this type of exploit can't occur? I wasn't able to find this constant in the repo.

Recommended Mitigation Steps

Can the devs confirm that this sort of vulnerability doesn't occur and that the intended contract address is indeed hard-coded?

jkilpatr commented 2 years ago

This issue is handled.

Inside the oracle code you'll see we search for events indexed by contract address. The contract address comes in either as a user provided config value at startup or, if governance has set the contract address as a cosmos chain parameter, directly from cosmos consensus.

Therefore this is not a bug.
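The pattern jkilpatr describes (search for events indexed by contract address) is the control that separates the Thorchain failure mode from a safe oracle. The following is an added illustration, not Gravity Bridge's own orchestrator code: it models a few constructed Ethereum log entries, shows a filter that matches on the event topic alone (the unsafe shape, which would accept an identical event from an impostor contract), and next to it a filter that also requires the emitter to equal the configured contract address. The topic hash, the addresses and the `EthLog` struct are placeholders invented for the example; in a real orchestrator the address would come from the startup config or the cosmos chain parameter, as the comment states.

```rust
// Added example (not Gravity Bridge code): filtering Ethereum logs by the
// configured Gravity contract address, as described in the comment above.

/// Minimal model of an Ethereum log entry. Real logs come from eth_getLogs;
/// this struct and its values are constructed for the example.
#[derive(Debug, Clone, PartialEq)]
pub struct EthLog {
    /// Contract that emitted the event (hex string, any letter case).
    pub address: String,
    /// topics[0] is the keccak256 hash of the event signature.
    pub topics: Vec<String>,
    /// ABI-encoded, non-indexed event fields.
    pub data: Vec<u8>,
}

/// Hypothetical event-signature topic; the real hash is not on the page.
pub const SEND_TO_COSMOS_TOPIC: &str = "0xPLACEHOLDER_SEND_TO_COSMOS_TOPIC";

/// Contract address assumed to come from startup config or chain params
/// (constructed placeholder, deliberately lower-case to exercise normalisation).
pub const CONFIGURED_GRAVITY_CONTRACT: &str = "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";

fn has_topic(log: &EthLog, topic: &str) -> bool {
    log.topics.first().map(|t| t == topic).unwrap_or(false)
}

/// Unsafe shape: accept any log whose first topic matches, regardless of which
/// contract emitted it. A copy of the contract deployed elsewhere emits the
/// same signature and would be accepted.
pub fn filter_by_topic_only(logs: &[EthLog]) -> Vec<EthLog> {
    logs.iter()
        .filter(|l| has_topic(l, SEND_TO_COSMOS_TOPIC))
        .cloned()
        .collect()
}

/// Hardened shape: require both the topic and the configured emitter address.
/// Addresses are compared case-insensitively because EIP-55 checksummed
/// addresses mix upper and lower case while meaning the same account.
pub fn filter_by_contract(logs: &[EthLog], gravity_contract: &str) -> Vec<EthLog> {
    let wanted = gravity_contract.to_ascii_lowercase();
    logs.iter()
        .filter(|l| l.address.to_ascii_lowercase() == wanted)
        .filter(|l| has_topic(l, SEND_TO_COSMOS_TOPIC))
        .cloned()
        .collect()
}

/// Constructed sample: one event from the configured contract (checksummed
/// case), one identical event from an impostor contract, one unrelated event.
pub fn sample_logs() -> Vec<EthLog> {
    vec![
        EthLog {
            address: "0xAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAa".into(),
            topics: vec![SEND_TO_COSMOS_TOPIC.into()],
            data: vec![1],
        },
        EthLog {
            address: "0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb".into(),
            topics: vec![SEND_TO_COSMOS_TOPIC.into()],
            data: vec![2],
        },
        EthLog {
            address: "0xAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAa".into(),
            topics: vec!["0xPLACEHOLDER_OTHER_TOPIC".into()],
            data: vec![3],
        },
    ]
}

fn main() {
    let logs = sample_logs();
    let by_topic = filter_by_topic_only(&logs);
    let by_contract = filter_by_contract(&logs, CONFIGURED_GRAVITY_CONTRACT);
    println!("topic only:      {} log(s) accepted (impostor included)", by_topic.len());
    println!("topic + address: {} log(s) accepted", by_contract.len());
}
```

Run with `rustc` and execute; the topic-only filter accepts the impostor's event, the address-scoped filter keeps only the one from the configured contract. The same idea applies whether the address is pinned at startup or pulled from consensus: what matters is that the filter is applied before any event is relayed to the cosmos side.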

loudoguno commented 2 years ago

Reopening as per the judge's assessment as "primary issue" on the findings sheet.