axone-protocol/axoned

🛡️ Potential Reentrancy using Timeout Callbacks

ccamel opened this issue · 0 comments

Note

Severity: Info
target: v7.1.0 - Commit: 3c854270b006db30aa3894da2cdba10cc31b8c5f
Ref: OKP4 Blockchain Audit Report v1.0 - 02-05-2024 - BlockApex

Description

During the course of the audit, an advisory, "ASA-2024-007: Potential Reentrancy using Timeout Callbacks in ibc-hooks", was published by ibc-go. According to the advisory, an attacker could potentially execute the same MsgTimeout inside the IBC hook for the OnTimeout callback before the packet commitment is deleted. On chains where ibc-hooks wraps ICS-20, this vulnerability may allow the logic of the OnTimeout callback of the transfer application to be recursively executed, leading to a condition that may present the opportunity for the loss of funds from the escrow account or unexpected minting of tokens. The requirements for the issue are:

  • Chain is IBC-enabled and uses a vulnerable version of ibc-go
  • Chain is CosmWasm-enabled and allows code uploads for wasm contracts by anyone, or by authorized parties (to a lesser extent)
  • Chain utilizes the ibc-hooks middleware and wraps ICS-20 transfer application

We found okp4 to fulfill 2 configurations:

  1. Ibc-go version being used is v8.0
  2. Cosmwasm is enabled to upload contracts

Since ibc-hooks are not yet being used by okp4, the exploit cannot be fully performed.

Recommendation

It is advised to update the ibc-go version; if cross-chain fund transfers are enabled in the future and ibc-hooks are used, this bug should then not get activated.
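The ordering problem described above (the callback runs while the packet commitment still exists) can be shown with a small model. This is an added example, not code from ibc-go, ibc-hooks or axoned; the `Chain` type, its fields, `Run` and all amounts are hypothetical and constructed for illustration.

```go
package main

import "fmt"

// Chain is a toy channel keeper; every name here is hypothetical.
type Chain struct {
	commitments map[uint64]bool      // packet sequence -> commitment still stored
	escrow      int64                // funds escrowed for all in-flight packets
	refunded    int64                // total paid back to the sender
	hook        func(*Chain, uint64) // stands in for contract code run by the hook
	deleteFirst bool                 // true selects the hardened ordering
}

// Timeout handles a timeout for packet seq; false means no commitment (replay guard).
func (c *Chain) Timeout(seq uint64, amt int64) bool {
	if !c.commitments[seq] {
		return false
	}
	if c.deleteFirst {
		delete(c.commitments, seq) // state change before the external call
	}
	c.escrow -= amt // transfer-style OnTimeout: refund from escrow
	c.refunded += amt
	if c.hook != nil {
		c.hook(c, seq) // contract code runs here and may call back in
	}
	if !c.deleteFirst {
		delete(c.commitments, seq) // too late: the guard was open during the hook
	}
	return true
}

// Run times out one 100-unit packet while the hook re-submits it once (escrow 300, constructed).
func Run(deleteFirst bool) (refunded, escrow int64) {
	c := &Chain{commitments: map[uint64]bool{1: true}, escrow: 300, deleteFirst: deleteFirst}
	nested := false
	c.hook = func(c *Chain, seq uint64) {
		if !nested {
			nested = true
			c.Timeout(seq, 100)
		}
	}
	c.Timeout(1, 100)
	return c.refunded, c.escrow
}

func main() {
	fmt.Println(Run(false)) // late delete: 200 100
	fmt.Println(Run(true))  // delete first: 100 200
}
```

With the late delete, one 100-unit packet is refunded twice and the extra 100 comes out of escrow belonging to other packets; removing the commitment before the callback makes the nested call fail the replay guard.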