Closed code423n4 closed 2 years ago
duplicate of #32
I'm fine with a high risk classification here. There's a meaningful risk of just screwing this state up by accident.
I think this deserves a low risk categorization, as it's a duplicate of https://github.com/code-423n4/2021-08-gravitybridge-findings/issues/24
Handle
0xito
Vulnerability details
Impact
When submitBatch is called with a _batchNonce equal to the maximum unsigned integer (type(uint256).max), all future calls will fail due to this check:

No batches can be submitted again, but they are still accepted on the Cosmos side.

The same issue exists for submitLogicCall when args.invalidationNonce is set to type(uint256).max.
Proof of Concept
Tools Used
Recommended Mitigation Steps
The nonces should not be arbitrary; ideally each new nonce is the previous nonce + 1, or at least within a bounded range above the previous nonce.
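The following is an added model of the nonce check described in the Impact section and of the two mitigations proposed above; it is illustration written for this page, not code from the Gravity Bridge repository, and the contract's actual require statements are not reproduced. The class and parameter names (NonceGate, last_nonce, max_gap, policy) and the error message strings are assumptions for the demo. uint256 values are modelled as Python ints bounded to 2**256 - 1, and one NonceGate stands for one tracked counter (per token contract for submitBatch, per invalidation id for submitLogicCall).

```python
"""Model of a strictly-increasing nonce gate and its hardened variants.

Added example for this finding; not the project's code. The "vulnerable"
policy mirrors the pattern the finding describes (new nonce must merely be
greater than the stored one), so a single submission with
type(uint256).max permanently bricks the counter. The "sequential" and
"bounded" policies implement the recommended mitigations.
"""

UINT256_MAX = 2**256 - 1  # type(uint256).max


class NonceError(Exception):
    """Raised where the contract would revert."""


class NonceGate:
    """Tracks the last accepted nonce for one counter (hypothetical name)."""

    def __init__(self, policy="vulnerable", max_gap=1000):
        self.last_nonce = 0
        self.policy = policy
        self.max_gap = max_gap  # assumed bound for the "bounded" policy

    def submit(self, nonce):
        if not 0 <= nonce <= UINT256_MAX:
            raise ValueError("not a uint256")

        if self.policy == "vulnerable":
            # Only requires nonce > last_nonce. Once last_nonce == UINT256_MAX
            # no uint256 can satisfy this, so every later call reverts.
            if not nonce > self.last_nonce:
                raise NonceError("new nonce must be greater than the current nonce")

        elif self.policy == "sequential":
            # Mitigation 1: exactly previous + 1. The explicit exhaustion check
            # stands in for Solidity >=0.8 checked arithmetic on last_nonce + 1.
            if self.last_nonce == UINT256_MAX:
                raise NonceError("nonce space exhausted")
            if nonce != self.last_nonce + 1:
                raise NonceError("nonce must be previous + 1")

        elif self.policy == "bounded":
            # Mitigation 2: last_nonce < nonce <= last_nonce + max_gap.
            # Skipped nonces are tolerated, but a jump to UINT256_MAX is not.
            if self.last_nonce == UINT256_MAX or nonce <= self.last_nonce:
                raise NonceError("new nonce must be greater than the current nonce")
            if nonce - self.last_nonce > self.max_gap:
                raise NonceError("nonce jump exceeds allowed range")

        else:
            raise ValueError("unknown policy")

        self.last_nonce = nonce
        return nonce


def accepted(gate, nonce):
    """True if the gate accepts the nonce, False where the contract would revert."""
    try:
        gate.submit(nonce)
        return True
    except NonceError:
        return False


def run_scenario(policy):
    """Legitimate nonce 1, then a malicious jump to UINT256_MAX, then the
    honest next nonce 2. Returns which of the three were accepted."""
    gate = NonceGate(policy)
    return {
        "legit": accepted(gate, 1),
        "jump_to_max": accepted(gate, UINT256_MAX),
        "after": accepted(gate, 2),
    }


if __name__ == "__main__":
    for policy in ("vulnerable", "sequential", "bounded"):
        print(policy, run_scenario(policy))
```

With the vulnerable policy the jump is accepted and the honest follow-up is rejected, and nothing else will ever be accepted either; both mitigations reject the jump while still accepting the honest nonce. Exact previous + 1 only works if every nonce issued on the Cosmos side is actually relayed in order; a bounded gap tolerates skipped nonces while still making type(uint256).max unreachable in practice.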