search

cosmos / ibc-rs

Rust implementation of the Inter-Blockchain Communication (IBC) protocol.
Apache License 2.0
197 stars 79 forks source link

bug(cw-context): consensus state heights iteration may consider invalid values #1175

Closed rnbguy closed 5 months ago

rnbguy commented 5 months ago

Bug Summary

https://github.com/cosmos/ibc-rs/blob/d5e3887770d3579d49942569833499b57c09af18/ibc-clients/cw-context/src/context/mod.rs#L135-L137

https://github.com/cosmos/ibc-rs/blob/d5e3887770d3579d49942569833499b57c09af18/ibc-clients/cw-context/src/context/mod.rs#L162-L164

https://github.com/cosmos/ibc-rs/blob/d5e3887770d3579d49942569833499b57c09af18/ibc-clients/cw-context/src/context/mod.rs#L196-L201

These iterations do not check if the key starts with ITERATE_CONSENSUS_STATE_PREFIX. So, some arbitrary value may be parsed here - generating an unexpected parsing error.

The first example can be fixed adding an extra filter.

        let heights: Vec<_> = iterator
            .filter(|(key, _)| key.starts_with(ITERATE_CONSENSUS_STATE_PREFIX.as_bytes())) // new filter
            .filter_map(|(_, value)| parse_height(value).transpose())
            .collect::<Result<_, _>>()?;

Version

latest main

Reference

Caught by informalsystems/hermes#3943