Comments (1)
GrosQuildu
commented on June 26, 2024
The "burns transferred coins in the source chain" statement is misleading, but one may argue that it is somehow valid, as per the cosmos comment:
The coins (vouchers) are burned on the sender chain and then transferred to the receiving chain though IBC
What you wrote is much more clear and precise, and we should clarify the "IBC" exploit scenario. To be more precise we should consider four cases: when the chain with AMM
- is sending coins to other chain - coins are escrowed
- is receiving coins from other chain - coins are minted
- is sending coins back to original chain - coins are burned
- is receiving coins back - coins are taken from escrowed address
1 and 4 shouldn't impact total supply (uTokensInCirculation) - no issue here (as you noticed). Spendable coins amount (tokensHeld) may be impacted though, because escrowing is locking coins - but from the code it seems like there is no real "lock" like it is in with delegating coins (?)
2 and 3 change total supply. However, I don't remember how coin's prefixes influence these computations. At the best case the AMM is not buggy, because burning and minting is of other coins (with a prefix, different denomination). Not sure.
We should rewrite the "IBC" exploit scenario to be more generic and less specific (e.g., "be aware of IBC transfers that may influence balances"). Ideally, we research this topic more and provide accurate and tested "IBC" exploit scenario. It was some time ago when I wrote the issue, and now don't have testing code around anymore. Also the IBC code may have changed.
If you are willing to research the topic, we would gladly accept a PR.
from building-secure-contracts.
Related Issues (20)
- Error: Deploying the contract failed HOT 4
- Document slither code comment
- Explain the popsicle example HOT 1
- Render better solidity file HOT 5
- Document zkEVM divergences in learn evm
- Lack of compiler versions for excercises HOT 4
- Update links for Cairo Regenesis
- Fix TestDepositWithPermit test HOT 1
- Adapt Echidna training
- Update multi-abi to allContracts HOT 3
- Fixing substrate links
- Fix cosmos link HOT 2
- Echidna installation link is broken HOT 2
- Echidna Exercise 3 HOT 2
- markdown-link-check: improve CI
- Move blockchain-security-contacts here HOT 2
- Add changelog page HOT 1
- double hevm prank does not work HOT 1
- Add the rekt test HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from building-secure-contracts.