darwinia-network / darwinia-messages-sol

Darwinia cross-chain messages gateway and protocol for EVM developers 💌
MIT License

Security Check: message call should dispatch as new origin/sender represent remote call_origin/source_account #56

Closed hackfisher closed 3 years ago

hackfisher commented 3 years ago

https://github.com/darwinia-network/darwinia-bridge-sol/blob/5e3f86b85f8d4228f5de52af1d785ef80c803b9c/contracts/bridge/contracts/binance/BasicInboundChannel.sol#L93

How do the EVM and smart contracts support this?

Must be very careful about the permissions of contract BasicInboundChannel, because this call is dispatched as BasicInboundChannel.

BasicInboundChannel should be an empty contract only used for identifying remote call.

Missing source/from account information in the payload?

This call must check the source/from account info other than msg.sender.

hackfisher commented 3 years ago

Using filtering design, fixed in #61
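The concern raised in the first comment, as an added Solidity example: it is not code from darwinia-messages-sol and not the filtering design of #61. All contract and function names are hypothetical, and it assumes the source account is a 20-byte address and that a separate verifier contract has already proven the message.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; every name here is hypothetical, not from the repository.
contract InboundChannelSketch {
    // Assumption: only this verifier (e.g. a light-client contract) may deliver
    // messages, after it has proven them against the source chain.
    address public immutable verifier;

    constructor(address verifier_) { verifier = verifier_; }

    // The channel holds no funds, roles or approvals: being called "by the
    // channel" must never be a privilege on its own.
    function dispatch(address sourceAccount, address target, bytes calldata payload)
        external returns (bool ok)
    {
        require(msg.sender == verifier, "unverified message");
        // Append the remote source account after the payload so the target can
        // recover it (the trailing-sender layout also used by ERC-2771).
        (ok, ) = target.call(abi.encodePacked(payload, sourceAccount));
    }
}

contract RemoteControlledApp {
    address public immutable channel;      // the only trusted delivery path
    address public immutable remoteOwner;  // source-chain account allowed to call
    uint256 public value;

    constructor(address channel_, address remoteOwner_) {
        channel = channel_;
        remoteOwner = remoteOwner_;
    }

    // msg.sender is always the channel for bridged calls, so it only proves
    // that the call came over the bridge; the caller's identity is in the data.
    function _remoteSender() internal view returns (address sender) {
        require(msg.sender == channel, "not from channel");
        require(msg.data.length >= 24, "missing source account");
        assembly { sender := shr(96, calldataload(sub(calldatasize(), 20))) }
    }

    function setValue(uint256 newValue) external {
        require(_remoteSender() == remoteOwner, "unauthorized source account");
        value = newValue;
    }
}
```

A target that checked only `msg.sender == channel` would accept a call from any account on the source chain, which is why both checks appear in `setValue`.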