Open dhruvja opened 1 month ago
Thanks for the report! Currently, ibc-rs is vulnerable to permissionless calls to `send_packet_validate`.

This requires port management to fix this completely. We need to include a port capability check in the `send_packet_validate` as well as the `send_packet_execute` method.
Adding more context. We will probably need #465 and make sure `*_packet_execute` cannot be called without `*_packet_validate` being called before.
We will most likely need a way to create `ValidatedContext` after `*_packet_validate`. `*_packet_validate` should only be called on `ValidatedContext`. Need design decision for this.
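Added example, not from the thread or from ibc-rs: a toy Rust model of the two ideas in the comments above, a port capability check inside `send_packet_validate` and an execute step that is reachable only through a validated value. `Router`, `PortCapability`, `ValidatedSend` and `bind_port` are hypothetical names, and `ValidatedSend` stands in for the `ValidatedContext` idea.

```rust
use std::collections::HashMap;

// Toy model with hypothetical names; these are not ibc-rs types. In a real
// crate they would live in their own module so the private fields below
// cannot be filled in by callers.
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub struct PortId(pub String);

/// Proof of port ownership, issued only by `Router::bind_port`.
pub struct PortCapability { port: PortId, nonce: u64 }

#[derive(Debug, PartialEq)]
pub enum SendError { PortNotOwned, EmptyData }

#[derive(Default)]
pub struct Router { owners: HashMap<PortId, u64>, next: u64, pub sent: Vec<(PortId, Vec<u8>)> }

/// Result of a successful validation; the only value that offers `send_packet_execute`.
pub struct ValidatedSend<'a> { router: &'a mut Router, port: PortId, data: Vec<u8> }

impl Router {
    /// First binder of a port gets its capability; later binders get `None`.
    pub fn bind_port(&mut self, port: &str) -> Option<PortCapability> {
        let id = PortId(port.to_string());
        if self.owners.contains_key(&id) { return None; }
        self.next += 1;
        self.owners.insert(id.clone(), self.next);
        Some(PortCapability { port: id, nonce: self.next })
    }

    /// Port capability check first, then packet checks (here: non-empty data).
    pub fn send_packet_validate<'a>(&'a mut self, cap: &PortCapability, port: &PortId,
                                    data: &[u8]) -> Result<ValidatedSend<'a>, SendError> {
        if cap.port != *port || self.owners.get(port) != Some(&cap.nonce) {
            return Err(SendError::PortNotOwned);
        }
        if data.is_empty() { return Err(SendError::EmptyData); }
        Ok(ValidatedSend { router: self, port: port.clone(), data: data.to_vec() })
    }
}

impl ValidatedSend<'_> {
    /// Takes `self` by value: one execute per validation, none without it.
    pub fn send_packet_execute(self) -> usize {
        self.router.sent.push((self.port, self.data));
        self.router.sent.len()
    }
}
```

Because `send_packet_execute` exists only on `ValidatedSend`, a caller that skips validation or holds the capability for a different port has no path to the send.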
Bug Summary

The `send_packet` method is public which can be used to send packets without token transfers. But using `send_packet`, a transfer packet can be spoofed without locking the tokens. So essentially, users can just call `send_packet` and get tokens on destination without token transfer on source.

Details

The `send_packet` method here should prolly be private or be removed once we have port management which will enable us to just use `send_transfer` with different port for cross chain messaging. https://github.com/cosmos/ibc-rs/blob/dcf8c36caeff886734505cedabd5e6e8171c2808/ibc-core/ics04-channel/src/handler/send_packet.rs#L20

Version

0.50.0