From f4ff771920b9283c7470b04daf63e7c9b1778172 Mon Sep 17 00:00:00 2001 From: rustdev Date: Tue, 19 Mar 2024 22:02:25 +0000 Subject: [PATCH 1/2] introduce validation for timeout timestamp for eth ibc bridge --- custom/ibc-transfer/keeper/msg_server.go | 14 +++- .../v1beta1/ibctransfermiddleware.proto | 2 +- .../types/ibctransfermiddleware.pb.go | 64 +++++++++---------- 3 files changed, 45 insertions(+), 35 deletions(-) diff --git a/custom/ibc-transfer/keeper/msg_server.go b/custom/ibc-transfer/keeper/msg_server.go index bb9b825f..f84dff35 100644 --- a/custom/ibc-transfer/keeper/msg_server.go +++ b/custom/ibc-transfer/keeper/msg_server.go @@ -3,6 +3,7 @@ package keeper import ( "context" "fmt" + "time" sdk "github.com/cosmos/cosmos-sdk/types" "github.com/cosmos/ibc-go/v7/modules/apps/transfer/types" @@ -30,8 +31,17 @@ func (k msgServer) Transfer(goCtx context.Context, msg *types.MsgTransfer) (*typ if params.ChannelFees != nil && len(params.ChannelFees) > 0 { channelFee := findChannelParams(params.ChannelFees, msg.SourceChannel) if channelFee != nil { - if channelFee.MinTimeoutTimestamp > 0 && msg.TimeoutTimestamp < channelFee.MinTimeoutTimestamp { - return nil, fmt.Errorf("incorrect timeout timestamp found during ibc transfer") + if channelFee.MinTimeoutTimestamp > 0 { + + goCtx := sdk.UnwrapSDKContext(goCtx) + blockTime := goCtx.BlockTime() + + timeoutTimeInFuture := time.Unix(0, int64(msg.TimeoutTimestamp)) + difference := timeoutTimeInFuture.Sub(blockTime).Nanoseconds() + + if difference < channelFee.MinTimeoutTimestamp { + return nil, fmt.Errorf("incorrect timeout timestamp found during ibc transfer") + } } coin := findCoinByDenom(channelFee.AllowedTokens, msg.Token.Denom) if coin != nil { diff --git a/proto/composable/ibctransfermiddleware/v1beta1/ibctransfermiddleware.proto b/proto/composable/ibctransfermiddleware/v1beta1/ibctransfermiddleware.proto index 1f15c051..f789dee2 100644 --- a/proto/composable/ibctransfermiddleware/v1beta1/ibctransfermiddleware.proto 
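Review bot: In the second msg_server.go hunk, `time.Unix(0, int64(msg.TimeoutTimestamp))` converts a caller-supplied uint64 without a range check, so a value above `math.MaxInt64` wraps negative and a value of 0, which ibc-go treats as "no timestamp timeout", is read as the Unix epoch. Both are rejected only because the computed difference comes out negative, so height-only timeouts are silently refused on any channel with a minimum set; state that rule explicitly before the conversion with `if msg.TimeoutTimestamp == 0 || msg.TimeoutTimestamp > math.MaxInt64 { return nil, fmt.Errorf("timeout timestamp missing or out of range") }` (needs `math` imported). The same conversion is carried unchanged as context into PATCH 2/2. `goCtx := sdk.UnwrapSDKContext(goCtx)` also shadows the `context.Context` parameter with an `sdk.Context`; a distinct name such as `sdkCtx` avoids that. Transfer's body starts and ends outside the hunk.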
+++ b/proto/composable/ibctransfermiddleware/v1beta1/ibctransfermiddleware.proto @@ -19,7 +19,7 @@ message ChannelFee{ string channel = 1; repeated CoinItem allowed_tokens = 2; string fee_address = 3 [(cosmos_proto.scalar) = "cosmos.AddressString"]; - uint64 min_timeout_timestamp = 4; + int64 min_timeout_timestamp = 4; } message CoinItem{ diff --git a/x/ibctransfermiddleware/types/ibctransfermiddleware.pb.go b/x/ibctransfermiddleware/types/ibctransfermiddleware.pb.go index 67340cec..e58115dc 100644 --- a/x/ibctransfermiddleware/types/ibctransfermiddleware.pb.go +++ b/x/ibctransfermiddleware/types/ibctransfermiddleware.pb.go @@ -76,7 +76,7 @@ type ChannelFee struct { Channel string `protobuf:"bytes,1,opt,name=channel,proto3" json:"channel,omitempty"` AllowedTokens []*CoinItem `protobuf:"bytes,2,rep,name=allowed_tokens,json=allowedTokens,proto3" json:"allowed_tokens,omitempty"` FeeAddress string `protobuf:"bytes,3,opt,name=fee_address,json=feeAddress,proto3" json:"fee_address,omitempty"` - MinTimeoutTimestamp uint64 `protobuf:"varint,4,opt,name=min_timeout_timestamp,json=minTimeoutTimestamp,proto3" json:"min_timeout_timestamp,omitempty"` + MinTimeoutTimestamp int64 `protobuf:"varint,4,opt,name=min_timeout_timestamp,json=minTimeoutTimestamp,proto3" json:"min_timeout_timestamp,omitempty"` } func (m *ChannelFee) Reset() { *m = ChannelFee{} } @@ -133,7 +133,7 @@ func (m *ChannelFee) GetFeeAddress() string { return "" } -func (m *ChannelFee) GetMinTimeoutTimestamp() uint64 { +func (m *ChannelFee) GetMinTimeoutTimestamp() int64 { if m != nil { return m.MinTimeoutTimestamp } 
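Review bot: `min_timeout_timestamp` has no comment, and after this change it no longer holds a timestamp: msg_server.go compares it with the gap between the packet timeout and the block time, in nanoseconds. A field comment such as `// minimum gap in nanoseconds between block time and the packet timeout timestamp; values <= 0 disable the check` would keep operators from setting an absolute time here. Switching field 4 from uint64 to int64 keeps the varint encoding, but any stored value above the int64 range would now decode as negative and, given the `> 0` test in Transfer, switch the check off; parameter validation that rejects negative values is not visible in this patch and is worth confirming.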
@@ -203,35 +203,35 @@ func init() { } var fileDescriptor_1193893bc248bc1b = []byte{ - // 438 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x92, 0x4f, 0x8b, 0xd4, 0x30, - 0x18, 0xc6, 0x27, 0x3b, 0xcb, 0xac, 0x9b, 0x51, 0xc1, 0xba, 0x62, 0x76, 0xc1, 0x38, 0xcc, 0xa9, - 0x08, 0xb6, 0x4c, 0x15, 0xc4, 0x83, 0x07, 0x47, 0x11, 0xbc, 0x49, 0x1d, 0x10, 0xbd, 0x94, 0xb4, - 0x7d, 0x5b, 0x83, 0x4d, 0x52, 0x92, 0xb8, 0xab, 0xdf, 0xc2, 0x8f, 0xe1, 0xd1, 0x83, 0x1f, 0x62, - 0x8f, 0x8b, 0x27, 0x4f, 0x22, 0x33, 0x07, 0xaf, 0x7e, 0x04, 0x69, 0x93, 0x71, 0x14, 0x46, 0x70, - 0x2f, 0x4d, 0xde, 0xf7, 0xd7, 0xe7, 0xc9, 0x93, 0x3f, 0xf8, 0x71, 0xa1, 0x44, 0xab, 0x0c, 0xcb, - 0x1b, 0x88, 0x79, 0x5e, 0x58, 0xcd, 0xa4, 0xa9, 0x40, 0x0b, 0x5e, 0x96, 0x0d, 0x9c, 0x30, 0x0d, - 0xf1, 0xf1, 0x2c, 0x07, 0xcb, 0x66, 0xdb, 0x69, 0xd4, 0x6a, 0x65, 0x55, 0x10, 0x6e, 0x5c, 0xa2, - 0xed, 0xff, 0x79, 0x97, 0xa3, 0x83, 0x5a, 0xd5, 0xaa, 0x17, 0xc5, 0xdd, 0xcc, 0xe9, 0x8f, 0x0e, - 0x0b, 0x65, 0x84, 0x32, 0x99, 0x03, 0xae, 0xf0, 0x88, 0xba, 0x2a, 0xce, 0x99, 0xd9, 0x64, 0x29, - 0x14, 0x97, 0x9e, 0x5f, 0x61, 0x82, 0x4b, 0x15, 0xf7, 0x5f, 0xdf, 0xba, 0xee, 0x25, 0xc2, 0xd4, - 0xf1, 0xf1, 0xac, 0x1b, 0x1c, 0x98, 0x32, 0x3c, 0x7a, 0xc6, 0x34, 0x13, 0x26, 0x78, 0x81, 0x2f, - 0x16, 0xaf, 0x99, 0x94, 0xd0, 0x64, 0x15, 0x80, 0x21, 0x68, 0x32, 0x0c, 0xc7, 0xc9, 0xdd, 0xe8, - 0x7f, 0xf7, 0x11, 0x3d, 0x72, 0xea, 0x27, 0x00, 0xe9, 0xb8, 0xf8, 0x3d, 0x37, 0xd3, 0x9f, 0x08, - 0xe3, 0x0d, 0x0b, 0x08, 0xde, 0xf3, 0x94, 0xa0, 0x09, 0x0a, 0xf7, 0xd3, 0x75, 0x19, 0xbc, 0xc4, - 0x97, 0x59, 0xd3, 0xa8, 0x13, 0x28, 0x33, 0xab, 0xde, 0x80, 0x34, 0x64, 0xa7, 0xcf, 0x90, 0x9c, - 0x23, 0x83, 0xe2, 0xf2, 0xa9, 0x05, 0x91, 0x5e, 0xf2, 0x4e, 0x8b, 0xde, 0x28, 0xb8, 0x8f, 0xc7, - 0x15, 0x40, 0xc6, 0xca, 0x52, 0x83, 0x31, 0x64, 0xd8, 0x2d, 0x3c, 0x27, 0x5f, 0x3e, 0xdf, 0x3e, - 0xf0, 0x27, 0xfb, 0xd0, 0x91, 0xe7, 0x56, 0x73, 0x59, 0xa7, 0xb8, 0x02, 0xf0, 0x9d, 0x20, 0xc1, - 
0xd7, 0x04, 0x97, 0x99, 0xe5, 0x02, 0xd4, 0x5b, 0xdb, 0x8f, 0xc6, 0x32, 0xd1, 0x92, 0xdd, 0x09, - 0x0a, 0x77, 0xd3, 0xab, 0x82, 0xcb, 0x85, 0x63, 0x8b, 0x35, 0x9a, 0x72, 0x7c, 0x61, 0x9d, 0x24, - 0x78, 0x80, 0xf7, 0x3a, 0x7d, 0x05, 0xd0, 0xef, 0x77, 0x9c, 0x1c, 0x46, 0x7e, 0xcd, 0xee, 0xfe, - 0xfe, 0x4a, 0x3e, 0xdf, 0x3f, 0xfd, 0x76, 0x73, 0xf0, 0xf1, 0xc7, 0xa7, 0x5b, 0x28, 0x1d, 0x09, - 0x2e, 0xbb, 0xe3, 0xa2, 0x18, 0xb7, 0xa0, 0x0b, 0x90, 0x96, 0xd5, 0x40, 0x76, 0x26, 0x28, 0x1c, - 0xa6, 0x7f, 0x74, 0xe6, 0xf7, 0x4e, 0x97, 0x14, 0x9d, 0x2d, 0x29, 0xfa, 0xbe, 0xa4, 0xe8, 0xc3, - 0x8a, 0x0e, 0xce, 0x56, 0x74, 0xf0, 0x75, 0x45, 0x07, 0xaf, 0x6e, 0xbc, 0xfb, 0xc7, 0xf3, 0xb5, - 0xef, 0x5b, 0x30, 0xf9, 0xa8, 0x7f, 0x00, 0x77, 0x7e, 0x05, 0x00, 0x00, 0xff, 0xff, 0x0a, 0x20, - 0x7e, 0x4d, 0xef, 0x02, 0x00, 0x00, + // 436 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x92, 0x41, 0x8b, 0xd4, 0x30, + 0x14, 0xc7, 0x27, 0x3b, 0x32, 0xeb, 0x66, 0x54, 0xb0, 0xae, 0x98, 0x5d, 0x30, 0x0e, 0x73, 0x1a, + 0x04, 0x5b, 0xa6, 0x0a, 0xe2, 0xc1, 0x83, 0xa3, 0x08, 0xde, 0xa4, 0x0e, 0x88, 0x5e, 0x4a, 0xda, + 0xbe, 0xd6, 0x60, 0x93, 0x94, 0x24, 0xee, 0xea, 0xb7, 0xf0, 0x63, 0x78, 0xf4, 0xe0, 0x87, 0xd8, + 0xe3, 0xe2, 0xc9, 0x93, 0xc8, 0xcc, 0xc1, 0xab, 0x1f, 0x41, 0x9a, 0x64, 0x1c, 0x85, 0x15, 0xf4, + 0xd2, 0xe4, 0xbd, 0x5f, 0xff, 0xef, 0xfd, 0x93, 0x3c, 0xfc, 0xa8, 0x54, 0xa2, 0x53, 0x86, 0x15, + 0x2d, 0x24, 0xbc, 0x28, 0xad, 0x66, 0xd2, 0xd4, 0xa0, 0x05, 0xaf, 0xaa, 0x16, 0x8e, 0x99, 0x86, + 0xe4, 0x68, 0x5e, 0x80, 0x65, 0xf3, 0xb3, 0x69, 0xdc, 0x69, 0x65, 0x55, 0x34, 0xdb, 0x56, 0x89, + 0xcf, 0xfe, 0x2f, 0x54, 0x39, 0xdc, 0x6f, 0x54, 0xa3, 0x9c, 0x28, 0xe9, 0x77, 0x5e, 0x7f, 0x78, + 0x50, 0x2a, 0x23, 0x94, 0xc9, 0x3d, 0xf0, 0x41, 0x40, 0xd4, 0x47, 0x49, 0xc1, 0xcc, 0xd6, 0x4b, + 0xa9, 0xb8, 0x0c, 0xfc, 0x32, 0x13, 0x5c, 0xaa, 0xc4, 0x7d, 0x43, 0xea, 0x5a, 0x90, 0x08, 0xd3, + 0x24, 0x47, 0xf3, 0x7e, 0xf1, 0x60, 0xca, 0xf0, 
0xe8, 0x29, 0xd3, 0x4c, 0x98, 0xe8, 0x39, 0xbe, + 0x50, 0xbe, 0x62, 0x52, 0x42, 0x9b, 0xd7, 0x00, 0x86, 0xa0, 0xc9, 0x70, 0x36, 0x4e, 0xef, 0xc4, + 0xff, 0x7a, 0x8e, 0xf8, 0xa1, 0x57, 0x3f, 0x06, 0xc8, 0xc6, 0xe5, 0xaf, 0xbd, 0x99, 0xfe, 0x40, + 0x18, 0x6f, 0x59, 0x44, 0xf0, 0x6e, 0xa0, 0x04, 0x4d, 0xd0, 0x6c, 0x2f, 0xdb, 0x84, 0xd1, 0x0b, + 0x7c, 0x89, 0xb5, 0xad, 0x3a, 0x86, 0x2a, 0xb7, 0xea, 0x35, 0x48, 0x43, 0x76, 0x9c, 0x87, 0xf4, + 0x3f, 0x3c, 0x28, 0x2e, 0x9f, 0x58, 0x10, 0xd9, 0xc5, 0x50, 0x69, 0xe9, 0x0a, 0x45, 0xf7, 0xf0, + 0xb8, 0x06, 0xc8, 0x59, 0x55, 0x69, 0x30, 0x86, 0x0c, 0xfb, 0xc6, 0x0b, 0xf2, 0xf9, 0xd3, 0xad, + 0xfd, 0x70, 0xb3, 0x0f, 0x3c, 0x79, 0x66, 0x35, 0x97, 0x4d, 0x86, 0x6b, 0x80, 0x90, 0x89, 0x52, + 0x7c, 0x55, 0x70, 0x99, 0x5b, 0x2e, 0x40, 0xbd, 0xb1, 0x6e, 0x35, 0x96, 0x89, 0x8e, 0x9c, 0x9b, + 0xa0, 0xd9, 0x30, 0xbb, 0x22, 0xb8, 0x5c, 0x7a, 0xb6, 0xdc, 0xa0, 0x29, 0xc7, 0xe7, 0x37, 0x4e, + 0xa2, 0xfb, 0x78, 0xb7, 0xd7, 0xd7, 0x00, 0xee, 0xbc, 0xe3, 0xf4, 0x20, 0x0e, 0x3d, 0xfb, 0xf7, + 0xfb, 0xc3, 0xf9, 0x62, 0xef, 0xe4, 0xeb, 0x8d, 0xc1, 0x87, 0xef, 0x1f, 0x6f, 0xa2, 0x6c, 0x24, + 0xb8, 0xec, 0xaf, 0x8b, 0x62, 0xdc, 0x81, 0x2e, 0x41, 0x5a, 0xd6, 0x00, 0xd9, 0x71, 0x3d, 0x7f, + 0xcb, 0x2c, 0xee, 0x9e, 0xac, 0x28, 0x3a, 0x5d, 0x51, 0xf4, 0x6d, 0x45, 0xd1, 0xfb, 0x35, 0x1d, + 0x9c, 0xae, 0xe9, 0xe0, 0xcb, 0x9a, 0x0e, 0x5e, 0x5e, 0x7f, 0xfb, 0x97, 0xf1, 0xb5, 0xef, 0x3a, + 0x30, 0xc5, 0xc8, 0x0d, 0xc0, 0xed, 0x9f, 0x01, 0x00, 0x00, 0xff, 0xff, 0x69, 0x03, 0x6b, 0xef, + 0xef, 0x02, 0x00, 0x00, } func (m *Params) Marshal() (dAtA []byte, err error) { @@ -662,7 +662,7 @@ func (m *ChannelFee) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.MinTimeoutTimestamp |= uint64(b&0x7F) << shift + m.MinTimeoutTimestamp |= int64(b&0x7F) << shift if b < 0x80 { break } From a4a7c29b8616d50d09f3afa0eab300621f029071 Mon Sep 17 00:00:00 2001 
From: rustdev Date: Tue, 19 Mar 2024 23:48:55 +0000 Subject: [PATCH 2/2] extra validation that timeoutTimeInFuture.Before(blockTime) return error --- custom/ibc-transfer/keeper/msg_server.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/custom/ibc-transfer/keeper/msg_server.go b/custom/ibc-transfer/keeper/msg_server.go index f84dff35..a6d27234 100644 --- a/custom/ibc-transfer/keeper/msg_server.go +++ b/custom/ibc-transfer/keeper/msg_server.go @@ -37,10 +37,14 @@ func (k msgServer) Transfer(goCtx context.Context, msg *types.MsgTransfer) (*typ blockTime := goCtx.BlockTime() timeoutTimeInFuture := time.Unix(0, int64(msg.TimeoutTimestamp)) + if timeoutTimeInFuture.Before(blockTime) { + return nil, fmt.Errorf("incorrect timeout timestamp found during ibc transfer. timeout timestamp is in the past") + } + difference := timeoutTimeInFuture.Sub(blockTime).Nanoseconds() if difference < channelFee.MinTimeoutTimestamp { - return nil, fmt.Errorf("incorrect timeout timestamp found during ibc transfer") + return nil, fmt.Errorf("incorrect timeout timestamp found during ibc transfer. too soon") } } coin := findCoinByDenom(channelFee.AllowedTokens, msg.Token.Denom)
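Review bot: The added `timeoutTimeInFuture.Before(blockTime)` branch and the "too soon" branch return fixed strings with none of the compared values, so a relayer or operator cannot tell from the failure which timestamp, block time or minimum was involved. Including them, e.g. `return nil, fmt.Errorf("timeout timestamp %d is before block time %d", msg.TimeoutTimestamp, blockTime.UnixNano())` and `return nil, fmt.Errorf("timeout is %dns after block time, channel minimum is %dns", difference, channelFee.MinTimeoutTimestamp)`, makes rejected transfers diagnosable. A timeout exactly equal to the block time passes the first test and is reported as "too soon", and the diffstat lists only msg_server.go, so these boundaries have no test in this patch. Transfer's body extends beyond the hunk.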