ics999
ics999 copied to clipboard
larry0x
An all-in-one IBC protocol providing fungible token transfer, interchain account, and async query functionalities
@SCV-Security has uncovered a design flaw in the packet-forward-middleware (PFM) that allows an attacker to fake the sender address of an ICS-20 packet. This does not directly affect ICS-999, as...
see: https://github.com/osmosis-labs/osmosis/tree/main/x/ibc-rate-limit/contracts/rate-limiter
this helper struct has been upstreamed to cosmwasm-std
the audit report for polytone has been published. we should study their findings, and apply relevant fixes to 999. https://github.com/oak-security/audit-reports/blob/master/Polytone/2023-06-05%20Audit%20Report%20-%20Polytone%20v1.0.pdf
Following a discussion with @CyberHoward, the following denial-of-service attack appears possible: An attacker instantiates a "fake" ICS-999 contract on chainA, that doesn't have the correct ICS-999 contract bytecode, but uses...