A vulnerability in the WASM integration and the authz module in the cosmos-sdk has been detected, and was recently exploited to halt another chain (JUNO). In the vulnerability, a smart contract abused non-deterministic state in authz grants so that each validator saved a different hash.
Juno Halt Root Cause Steps:
• An attacker deployed a malicious contract on Juno.
• The malicious contract can be located on Mintscan.
Problem Definition
• During the review of the malicious contract, it was observed that the attacker's contract calls the Authz module's MsgGrant and MsgRevoke.
• The smart contract triggers non-determinism in Authz's MsgGrant: the grant expiration was suspected to default to the node's OS time when the message sender leaves it unset.
• The reply() feature of CosmWasm allows calling a message and getting back its output events. With a couple of messages, a non-deterministic event ordering occurred in the Authz module, which causes a chain halt.
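An added Go sketch (not code from cosmos-sdk, CosmWasm or the Juno team) of why an OS-clock fallback breaks consensus: two validators with skewed clocks commit different hashes for the same MsgGrant with expiration unset, while deriving the fallback from block header time keeps them in agreement. The grant TTL, addresses and block time are constructed assumptions.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"time"
)

// defaultGrantTTL is an assumed fallback; the real SDK default is not on the page.
const defaultGrantTTL = 365 * 24 * time.Hour

// buggyExpiration reproduces the suspected defect: with no expiration in the
// message, the node falls back to its own OS clock, so validators disagree.
func buggyExpiration(requested *time.Time, osNow func() time.Time) time.Time {
	if requested != nil {
		return *requested
	}
	return osNow().Add(defaultGrantTTL)
}

// fixedExpiration consults only the block header time, which every validator shares.
func fixedExpiration(requested *time.Time, blockTime time.Time) time.Time {
	if requested != nil {
		return *requested
	}
	return blockTime.Add(defaultGrantTTL)
}

// grantHash stands in for the app hash a validator commits for the stored grant.
func grantHash(granter, grantee string, exp time.Time) [32]byte {
	return sha256.Sum256([]byte(granter + "|" + grantee + "|" + exp.UTC().Format(time.RFC3339Nano)))
}

// simulate applies one MsgGrant with expiration unset on two validators whose OS
// clocks differ by skew, returning the hashes under the buggy and the fixed logic.
func simulate(blockTime time.Time, skew time.Duration) (buggyA, buggyB, fixedA, fixedB [32]byte) {
	const granter, grantee = "juno1granter", "juno1grantee" // constructed addresses
	clockA := func() time.Time { return blockTime }
	clockB := func() time.Time { return blockTime.Add(skew) }
	buggyA = grantHash(granter, grantee, buggyExpiration(nil, clockA))
	buggyB = grantHash(granter, grantee, buggyExpiration(nil, clockB))
	fixedA = grantHash(granter, grantee, fixedExpiration(nil, blockTime))
	fixedB = grantHash(granter, grantee, fixedExpiration(nil, blockTime))
	return
}

func main() {
	a, b, c, d := simulate(time.Date(2022, 4, 5, 12, 0, 0, 0, time.UTC), 3*time.Second)
	fmt.Println("buggy validators agree:", a == b, "fixed validators agree:", c == d) // false true
}
```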
Proposal
Disable the authz module on CosmWasm, or wait for #12781 to be merged and update to that version of the SDK.