GHSA-7q74-g774-7x3g: Interchain Security: The signers of ICS messages do not need to match the provider address
Context
ICS has the following four messages that enable validators on the provider chain to perform different actions:
MsgOptIn – adds a validator to the consumer chain’s active set
MsgOptOut – removes a validator from the consumer chain’s active set
MsgAssignConsumerKey – changes the consensus key used for a validator’s operations on a consumer chain
MsgSetConsumerCommissionRate – sets a validator’s consumer-specific commission rate
Normally, only the respective validators are allowed to perform these actions.
Issue
The upgrade to SDK 0.50 introduced a signer field to these messages. This field is used to authenticate the user sending the message to the system. However, there was no validation on the ICS side to check if the signer matches the provider address.
As a result, any user could opt-in, opt-out, change the commission rate, or change what public key a validator uses on a consumer chain.
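A minimal model of the missing check, added here as an illustration and not taken from the ICS code base: the Msg type, the OptOut handler and the "prefix:hex" address form are assumptions standing in for the real messages and bech32 addresses. It compares decoded address bytes rather than strings, because a validator's account address and operator address carry the same bytes under different prefixes.

```go
package main

import (
	"bytes"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Msg stands in for the four ICS messages (field names are assumptions).
type Msg struct {
	Signer       string // address the transaction signature was verified for
	ProviderAddr string // validator the action is applied to
}

var ErrUnauthorized = errors.New("signer does not match provider address")

// decode parses the constructed "prefix:hex" form used here instead of bech32.
func decode(addr string) ([]byte, error) {
	_, h, _ := strings.Cut(addr, ":") // no ":" leaves h empty, rejected by CheckSigner
	return hex.DecodeString(h)
}

// CheckSigner accepts a message only if signer and provider address carry the same bytes.
func CheckSigner(m Msg) error {
	s, errS := decode(m.Signer)
	p, errP := decode(m.ProviderAddr)
	if errS != nil || errP != nil || len(s) == 0 || !bytes.Equal(s, p) {
		return ErrUnauthorized
	}
	return nil
}

// OptOut removes ProviderAddr from the set; checked=false models the behaviour in the advisory.
func OptOut(optedIn map[string]bool, m Msg, checked bool) error {
	if err := CheckSigner(m); checked && err != nil {
		return err
	}
	delete(optedIn, m.ProviderAddr)
	return nil
}

func main() {
	set := map[string]bool{"valoper:aa01": true}                // constructed state
	m := Msg{Signer: "acct:bb02", ProviderAddr: "valoper:aa01"} // signer is another account
	fmt.Println(OptOut(set, m, true), set)
	fmt.Println(OptOut(set, m, false), set)
}
```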
For more context, check out the code: