code-423n4 / 2023-06-canto-findings


Lack of input validation #49

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/onboarding/keeper/ibc_callbacks.go#L72

https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/onboarding/keeper/ibc_callbacks.go#L84

Vulnerability details

Impact

There is no input sanitizer implemented for the transfertypes.FungibleTokenPacketData data variable.

Proof of Concept

After "unmarshaling" the packet, which checks if there is an error, it is used right away without further checking the fields inside it, thus an attacker could send arbitrary values and trick the L1 into undefined behaviour (I didn't go any further)

Tools Used

Manual analysis

Recommended Mitigation Steps

Check the fields inside data to be the correct ones

Assessed type

Invalid Validation
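
The field checks that the recommended mitigation describes, as an added example that is not part of the original report or of the Canto code base. `packetData` and `decodeAndValidate` are hypothetical names; the struct mirrors the denom, amount, sender and receiver fields of the ICS-20 packet, and the rules applied (non-blank denom, positive integer amount, non-blank sender and receiver) are assumptions chosen for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// packetData is a hypothetical stand-in mirroring the JSON fields of
// transfertypes.FungibleTokenPacketData (ICS-20).
type packetData struct {
	Denom    string `json:"denom"`
	Amount   string `json:"amount"`
	Sender   string `json:"sender"`
	Receiver string `json:"receiver"`
}

// decodeAndValidate (hypothetical helper) unmarshals the packet bytes and
// rejects packets whose fields are unusable before any of them is read.
func decodeAndValidate(raw []byte) (packetData, error) {
	var d packetData
	if err := json.Unmarshal(raw, &d); err != nil {
		return d, fmt.Errorf("unmarshal: %w", err)
	}
	if strings.TrimSpace(d.Denom) == "" {
		return d, errors.New("denom is blank")
	}
	// The amount travels as a string, so a successful unmarshal says
	// nothing about whether it is a number at all.
	amt, ok := new(big.Int).SetString(d.Amount, 10)
	if !ok || amt.Sign() <= 0 {
		return d, errors.New("amount is not a positive base-10 integer")
	}
	if strings.TrimSpace(d.Sender) == "" || strings.TrimSpace(d.Receiver) == "" {
		return d, errors.New("sender or receiver is blank")
	}
	return d, nil
}

func main() {
	// Constructed sample packet, not taken from the audited code base.
	raw := `{"denom":"uatom","amount":"-5","sender":"a","receiver":"b"}`
	_, err := decodeAndValidate([]byte(raw))
	fmt.Println(err)
}
```
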

c4-pre-sort commented 1 year ago

JeffCX marked the issue as low quality report

JeffCX commented 1 year ago

After "unmarshaling" the packet, which checks if there is an error, it is used right away without further checking the fields inside it, thus an attacker could send arbitrary values and trick the L1 into undefined behaviour (I didn't go any further)

Insufficient detail; marked as low quality report because the warden does not go any further.

c4-judge commented 1 year ago

0xean marked the issue as unsatisfactory: Insufficient quality