code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/onboarding/keeper/ibc_callbacks.go#L47

Vulnerability details

Impact

There is a potential risk of unauthorized sources sending assets to the Canto Network and automatically swapping transferred tokens for Canto tokens.

Proof of Concept

When bootstrapping Canto Network, node operators config channel ID for the onboarding module as channel-onboarding and initialize the list WhitelistedChannels (genesis state) containing "channel-onboarding" string.

Bob - on an unauthorized blockchain, transfers his assets to Canto Network through IBC, his wallet on Canto Network will increase Canto token balance.

Recommended Mitigation Steps

Modify comparison expression at line 47 in file Canto/x/onboarding/keeper/ibc_callbacks.go from

if s == packet.DestinationChannel {}

to

if s == packet.SourceChannel {}

Assessed type

Invalid Validation

c4-pre-sort commented 1 year ago

JeffCX marked the issue as duplicate of #53

c4-judge commented 1 year ago

0xean marked the issue as unsatisfactory: Invalid

code-423n4 / 2023-06-canto-findings