jkilpatr
commented
2 years ago duplicate of #32
I'm fine with a high risk classification here. There's a meaningful risk of just screwing this state up by accident.
Closed code423n4 closed 2 years ago
jkilpatr
commented
2 years ago duplicate of #32
I'm fine with a high risk classification here. There's a meaningful risk of just screwing this state up by accident.
albertchon
commented
2 years ago I think this deserves a low risk categorization, as it's a duplicate of https://github.com/code-423n4/2021-08-gravitybridge-findings/issues/24
Handle
0xito
Vulnerability details
Impact
when
submitbatchis called with a_batchnonceof the maximum unsigned number (type(uint256).max), all future calls will fail due to this check:no batches can be submitted again but are still accepted on the cosmos side.
The same issue exists for
submitLogicCalland settingargs.invalidationNonce = type(uint256).maxProof of Concept
Tools Used
Recommended Mitigation Steps
the nonces should not be arbitrary, ideally, they are the previous nonce + 1, or within a range of the previous nonce.