🛡️ Potential Reentrancy using Timeout Callbacks
ccamel opened this issue · 0 comments
Note
Severity: Info
target: v7.1.0 - Commit: 3c854270b006db30aa3894da2cdba10cc31b8c5f
Ref: OKP4 Blockchain Audit Report v1.0 - 02-05-2024 - BlockApex
Description
During the course of the audit, the advisory "ASA-2024-007: Potential Reentrancy using Timeout Callbacks in ibc-hooks" was published by ibc-go. According to the advisory, an attacker could potentially execute the same MsgTimeout inside the IBC hook for the OnTimeout callback before the packet commitment is deleted. On chains where ibc-hooks wraps ICS-20, this vulnerability may allow the logic of the OnTimeout callback of the transfer application to be recursively executed, leading to a condition that may present the opportunity for the loss of funds from the escrow account or unexpected minting of tokens. The requirements for the issue are:
- Chain is IBC-enabled and uses a vulnerable version of ibc-go
- Chain is CosmWasm-enabled and allows code uploads for wasm contracts by anyone, or by authorized parties (to a lesser extent)
- Chain utilizes the ibc-hooks middleware and wraps ICS-20 transfer application
We found okp4 to fulfill 2 configurations:
- ibc-go version being used is v8.0
- CosmWasm is enabled to upload contracts
Since ibc-hooks are not being used by okp4 yet, the exploit cannot be fully performed.
Recommendation
It is advised to update the ibc-go version; if cross-chain funds transferring is enabled in the future and ibc-hooks are used, then this bug shouldn't get activated.
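The ordering problem described above, as an added toy model that is not part of the issue, the audit report or ibc-go: a callback that runs before the packet commitment is deleted can re-submit the same timeout and be refunded twice, while deleting the commitment first makes the nested call fail. `Keeper`, `TimeoutPacket`, `Simulate` and `deleteFirst` are hypothetical names and the balances are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

var ErrNoCommitment = errors.New("packet commitment not found")

// Keeper is a constructed stand-in for channel state plus one escrow account.
type Keeper struct {
	commitments map[uint64]bool
	escrow      int64
	refunded    int64
	deleteFirst bool // true: commitment removed before the callback runs
	onTimeout   func(k *Keeper, seq uint64, amount int64)
}

// TimeoutPacket refunds the escrowed amount for seq and clears its commitment.
func (k *Keeper) TimeoutPacket(seq uint64, amount int64) error {
	if !k.commitments[seq] {
		return ErrNoCommitment
	}
	if k.deleteFirst {
		delete(k.commitments, seq) // state change before any external code
	}
	k.escrow -= amount // transfer-app timeout logic: refund the sender
	k.refunded += amount
	k.onTimeout(k, seq, amount) // hook: externally supplied code runs here
	delete(k.commitments, seq)  // too late if the hook already re-entered
	return nil
}

// Simulate times out one 100-unit packet; the hook re-submits the same
// timeout once. It returns the total refunded and the nested call's error.
func Simulate(deleteFirst bool) (refunded int64, innerErr error) {
	depth := 0
	k := &Keeper{commitments: map[uint64]bool{1: true}, escrow: 100, deleteFirst: deleteFirst}
	k.onTimeout = func(k *Keeper, seq uint64, amount int64) {
		if depth == 0 {
			depth++
			innerErr = k.TimeoutPacket(seq, amount)
		}
	}
	_ = k.TimeoutPacket(1, 100)
	return k.refunded, innerErr
}

func main() {
	fmt.Println(Simulate(false)) // late delete: refunded twice
	fmt.Println(Simulate(true))  // early delete: nested call rejected
}
```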