search

cosmos / interchain-security

Interchain Security is an open sourced IBC application which allows cosmos blockchains to lease their proof-of-stake security to one another.
https://cosmos.github.io/interchain-security/
Other
156 stars 126 forks source link

MsgTransfer is not validated before calling Transfer #1237

Closed mpoke closed 1 year ago

mpoke commented 1 year ago

Problem

Before calling the Transfer method of ICS-20, the message is not being validated. Normally, Transfer is called as a result of submitting a message MsgTransfer to the chain, which calls ValidateBasic. However, the validation is skipped in case of calling the method directly.

Closing criteria

Validate MsgTransfer before calling Transfer.

mpoke commented 1 year ago

Alternative solution (suggested by @crodriguezvega):

Also, instead of calling directly Transfer I think the recommended approach is to route the message through the service router. For example, this is what we do in ICA host when a message is received. The keeper of the host is created with a MessageRouter (see also wiring in app.go). So maybe that could be a way to do it as well in interchain security, and then maybe you can remove the dependency to the transfer keeper. I believe in that case ValidateBasic will trigger for the message.