There is a potential risk of unauthorized sources sending assets to the Canto Network and automatically swapping transferred tokens for Canto tokens.
Proof of Concept
When bootstrapping Canto Network, node operators config channel ID for the onboarding module as channel-onboarding and initialize the list WhitelistedChannels (genesis state) containing "channel-onboarding" string.
Bob - on an unauthorized blockchain, transfers his assets to Canto Network through IBC, his wallet on Canto Network will increase Canto token balance.
Recommended Mitigation Steps
Modify comparison expression at line 47 in file Canto/x/onboarding/keeper/ibc_callbacks.go from
Lines of code
https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/onboarding/keeper/ibc_callbacks.go#L47
Vulnerability details
Impact
There is a potential risk of unauthorized sources sending assets to the Canto Network and automatically swapping transferred tokens for Canto tokens.
Proof of Concept
When bootstrapping Canto Network, node operators config channel ID for the
onboarding
module aschannel-onboarding
and initialize the listWhitelistedChannels
(genesis state) containing "channel-onboarding" string.Bob - on an unauthorized blockchain, transfers his assets to Canto Network through IBC, his wallet on Canto Network will increase Canto token balance.
Recommended Mitigation Steps
Modify comparison expression at line 47 in file
Canto/x/onboarding/keeper/ibc_callbacks.go
fromto
Assessed type
Invalid Validation