search

cosmos / ibc-rs

Rust implementation of the Inter-Blockchain Communication (IBC) protocol.
Apache License 2.0
181 stars 73 forks source link

Make `send_packet` method as private #1243

Open dhruvja opened 1 month ago

dhruvja commented 1 month ago

Bug Summary

The send_packet method is public which can be used to send packets without token transfers. But using send_packet, a transfer packet can be spoofed without locking the tokens. So essentially, users can just call send_packet and get tokens on destination without token transfer on source.

Details

The send_packet method here should prolly be private or be removed once we have port management which will enable us to just use send_transfer with different port for cross chain messaging. https://github.com/cosmos/ibc-rs/blob/dcf8c36caeff886734505cedabd5e6e8171c2808/ibc-core/ics04-channel/src/handler/send_packet.rs#L20

Version

0.50.0

rnbguy commented 1 month ago

Thanks for the report! Currently, ibc-rs is vulnerable to permissionless calls to send_packet_validate.

This requires port management to fix this completely. We need to include port capability check in send_packet_validate and as well as send_packet_execute method.

rnbguy commented 1 month ago

Adding more context. We will probably need #465 and make sure, *_packet_execute cannot be called without *_packet_validate called before.

We will most likely need a way to create ValidatedContext after *_packet_validate. *_packet_validate should only be called on ValidatedContext. Need design decision for this.