Host chain allows overwriting of the active channel #768
Comments
colin-axner
added
type: bug
|
@AdityaSripal I think this should be updated in the spec |
|
But if the controller chain rewrites the active channel, shouldn't the host chain just use the latest active channel? I fail to see an attack here |
I don't understand this point. The current architecture will allow a controller chain to initialize a new channel as many times as it likes. I don't understand why this would be a security issue. The only potential vulnerability I see here is in the case where a relayer could spam channel creation after the first |
There's a race condition here though right? If chainA ACKs channel-1 and channel-2 on the same port. A relayer could decide which becomes the active channel on chainB by submitting the OpenConfirm in a certain order. We could end up in a state where the controller active channel does not equal the host active channel (and it cannot be fixed) I think the host chain should defensively consider overwrites of an active channel on the controller chain as byzantine behaviour (not necessarily attacking, but something is going wrong) |
|
Action items:
|
Summary
The host chain assumes the controller chain will never allow a channel to OPEN if it is not in the active channel mapping.
Problem Definition
OnChanOpenConfirmwill overwrite an active channel. This is fine for creating a new active channel after the previous one closed, but if the controller chain allows two channels to be opened for the same port (by incorrectly accounting for active channels), then this will overwrite an existing active channelProposal
Be defensive. If an active channel exist, return an error. Please add a test case for this scenario
For Admin Use
The text was updated successfully, but these errors were encountered: