Open code423n4 opened 3 years ago
This issue is handled.
Inside the oracle code you'll see we search for events indexed by contract address. The contract address comes in either as a user-provided config value at startup or, if governance has set the contract address as a Cosmos chain parameter, directly from Cosmos consensus.
Therefore this is not a bug.
Reopening as per judge's assessment as "primary issue" on findings sheet.
Handle
tensors
Vulnerability details
Recently Thorchain (which uses Cosmos) was hacked because the Thorchain environment listened to emitted events from routers other than the intended one. This allowed a hacker to create a malicious router.
Within the eth_main_loop of the orchestrator, is the gravity.sol contract address a hard-coded constant, so that this type of exploit can't occur? I wasn't able to find this constant within the repo.
Recommended Mitigation Steps
Can the devs confirm that this sort of vulnerability doesn't occur and that the intended contract address is indeed hard-coded?
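The check discussed in this thread, accepting only events emitted by the one trusted contract address, sketched as an added example (not code from the Gravity repository or from any participant here). All type names, function names and sample logs are hypothetical, and it assumes a governance-set chain parameter takes precedence over the startup config value.

```rust
// Added illustration: types, names and sample data are hypothetical, not Gravity code.
#[derive(Debug, Clone)]
pub struct Log { pub address: String, pub topic0: String, pub block: u64 }

pub const EVENT_SIG: &str = "EVENT_SIG_PLACEHOLDER"; // stands in for a real topic hash

/// Lowercase a 20-byte hex address so differently cased forms compare equal.
pub fn normalize(addr: &str) -> Option<String> {
    let t = addr.trim();
    let hex = t.strip_prefix("0x").or_else(|| t.strip_prefix("0X"))?;
    if hex.len() == 40 && hex.chars().all(|c| c.is_ascii_hexdigit()) {
        Some(hex.to_ascii_lowercase())
    } else {
        None
    }
}

/// Assumption: a governance-set chain parameter overrides the startup config.
/// A malformed chain parameter yields None instead of falling back (fail closed).
pub fn trusted_address(chain_param: Option<&str>, config: Option<&str>) -> Option<String> {
    chain_param.or(config).and_then(normalize)
}

/// Keep only logs with the expected signature that the trusted contract emitted.
pub fn accept<'a>(logs: &'a [Log], trusted: &str, topic0: &str) -> Vec<&'a Log> {
    logs.iter()
        .filter(|l| l.topic0 == topic0)
        .filter(|l| normalize(&l.address).map_or(false, |a| a == trusted))
        .collect()
}

/// Constructed sample: a second contract emits the same event signature.
pub fn sample_logs() -> Vec<Log> {
    let log = |a: String, t: &str, block| Log { address: a, topic0: t.to_string(), block };
    vec![
        log(format!("0x{}", "Aa".repeat(20)), EVENT_SIG, 100), // trusted, mixed case
        log(format!("0x{}", "bb".repeat(20)), EVENT_SIG, 101), // other contract
        log(format!("0x{}", "aa".repeat(20)), "OTHER_SIG", 102), // trusted, other event
        log(format!("0x{}", "aa".repeat(20)), EVENT_SIG, 103), // trusted
    ]
}

fn main() {
    let cfg = format!("0x{}", "aa".repeat(20));
    let trusted = trusted_address(None, Some(cfg.as_str())).expect("valid address");
    for l in accept(&sample_logs(), &trusted, EVENT_SIG) {
        println!("accepted block {} from {}", l.block, l.address);
    }
}
```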