New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add validation for channel id upon rollapp validation on delayed ack #794

Closed

omritoptix opened this issue Apr 3, 2024 · 0 comments · Fixed by #796

Assignees

Contributor

omritoptix commented Apr 3, 2024

Currently we're only validating the sequencer val hash.
As reported by Khanh from decentrio, a malicious chain could:

fake the rollapp packet id
fake the nextValHash to be the same as our sequencer

In that case the malicious rollapp packet can snick into the queue.

We should also verify the rollapp against the known channel and by that prevent that.

omritoptix assigned zale144 and mtsitrin and unassigned mtsitrin

zale144 mentioned this issue

fix(delayedack): fix missing validation of channel id when validating rollapp packet #796

Merged

29 tasks

omritoptix closed this as completed in #796

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment