Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Stealing Millions from the Blockchain via Bad Access Control on IBC- 1385

CyberArk - Posted 1 Year Ago
  • IBC on Cosmos is a generalized protocol for cross-chain communication. In the case of Comdex, they were using IBC to get oracle price updates from Band.
  • The IBC protocol itself is trustless: it identifies the other chain by a channel ID, which that chain cannot set for itself, rather than by the chain name. This trustless nature sounds great but has to be kept in mind when using IBC.
  • Comdex did not allowlist the Bandchain channel as the only valid source of oracle update packets. Why is this bad? Any blockchain, including a solo machine (an individual user with a private key), could have sent this packet and set the prices of the oracle. Since the DEX prices could be arbitrarily controlled, stealing all of the funds in the protocol would have been trivial.
  • To me, the main takeaway is that if communication on IBC is expected with only a single chain, then this logic needs to be added to the handler of the IBC packet. Otherwise, the trustless nature will cause problems in your chain.
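
The handler-side check described in the takeaway, modelled in self-contained Go. This is an added example, not code from Comdex, ibc-go, or the original article; the `Packet` and `OracleKeeper` types, the port name, and the channel IDs are hypothetical stand-ins for the real IBC module types.

```go
package main

import (
	"errors"
	"fmt"
)

// Packet is a hypothetical stand-in for an IBC packet as seen by the receiving module.
type Packet struct {
	DestPort, DestChannel string // local port and channel ID the packet arrived on
	Symbol                string
	Price                 uint64
}

var ErrUntrustedChannel = errors.New("oracle packet from non-allowlisted channel")

// OracleKeeper stores prices and the one port/channel allowed to update them.
type OracleKeeper struct {
	TrustedPort, TrustedChannel string
	Prices                      map[string]uint64
}

// OnRecvPacketUnchecked models the flawed handler: any open channel can set prices.
func (k *OracleKeeper) OnRecvPacketUnchecked(p Packet) error {
	k.Prices[p.Symbol] = p.Price
	return nil
}

// OnRecvPacket applies the update only if it arrived on the allowlisted channel.
func (k *OracleKeeper) OnRecvPacket(p Packet) error {
	if p.DestPort != k.TrustedPort || p.DestChannel != k.TrustedChannel {
		return fmt.Errorf("%w: %s/%s", ErrUntrustedChannel, p.DestPort, p.DestChannel)
	}
	k.Prices[p.Symbol] = p.Price
	return nil
}

// NewKeeper builds a keeper with constructed sample state (channel-7 is an assumed ID).
func NewKeeper() *OracleKeeper {
	return &OracleKeeper{"oracle", "channel-7", map[string]uint64{"ATOM": 1000}}
}

func main() {
	rogue := Packet{"oracle", "channel-99", "ATOM", 1} // constructed packet from another channel
	k := NewKeeper()
	fmt.Println(k.OnRecvPacketUnchecked(rogue), k.Prices) // price overwritten
	k = NewKeeper()
	fmt.Println(k.OnRecvPacket(rogue), k.Prices) // rejected, price unchanged
}
```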