Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(nexus)!: prevent messages from wasm to use nexus registered source chain #2180

Closed
wants to merge 1 commit into from
Closed

fix(nexus)!: prevent messages from wasm to use nexus registered source chain #2180

wants to merge 1 commit into from

Conversation

milapsheth
Copy link
Member

@milapsheth milapsheth commented Sep 12, 2024
edited by jira bot
Loading

AXE-4844

Description

Todos

  • Unit tests
  • Manual tests
  • Documentation
  • Connect epics/issues
  • Tag type of change
  • Upgrade handler

Steps to Test

Expected Behaviour

Other Notes

@milapsheth milapsheth requested a review from a team as a code owner September 12, 2024 05:27
@milapsheth milapsheth changed the title fix(nexus): prevent messages from wasm to use nexus registered source chain fix(nexus)!: prevent messages from wasm to use nexus registered source chain Sep 12, 2024
@codecov Codecov
Copy link

codecov bot commented Sep 12, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 49.48%. Comparing base (7587fcd) to head (4b1d551).
Report is 2 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #2180   +/-   ##
=======================================
  Coverage   49.48%   49.48%           
=======================================
  Files         272      272           
  Lines       16151    16153    +2     
=======================================
+ Hits         7992     7993    +1     
- Misses       7547     7548    +1     
  Partials      612      612

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

cjcobb23
cjcobb23 reviewed Sep 12, 2024
View reviewed changes
x/nexus/keeper/msg_dispatcher.go
Comment on lines +66 to +69
// Prevent wasm gateway from spoofing a chain name registered in nexus as the source chain
if _, ok := m.GetChain(ctx, msg.SourceChain); ok {
return fmt.Errorf("wasm source chain %s should not be a registered chain in nexus", msg.SourceChain)
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While this is a good sanity check, I am not sure this is the best place for the check. It would be better to somehow handle this at chain registration. Also, out of curiosity, what would be the harm in allowing the same chain name to be registered in both places?

Copy link
Member Author

@milapsheth milapsheth Sep 12, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be better to somehow handle this at chain registration.

Checking at chain registration doesn't prevent the wasm layer to spoof it dynamically when routing a GMP call to core. This ensures that it's never possible on the core side. We should still add it at the chain registration in amplifier though for sanity.

Also, out of curiosity, what would be the harm in allowing the same chain name to be registered in both places?

The chain name is part of the root of trust for a GMP call. Apps whitelisting by chain (e.g. ITS) are relying on a certain standard of security for the chain connection. The connection type can be completely different between core and amplifier for the same chain, so they should be distinguished in GMP by different identifiers. And in the event of a compromise on the wasm layer, we don't want to allow it to spoof consensus chains. Apps that only trusted consensus chains could now get a malicious message from wasm acting as one.

@milapsheth
Copy link
Member Author

We decided to check this during chain registration instead

@milapsheth milapsheth closed this Sep 12, 2024
@milapsheth milapsheth deleted the fix/restrict-source-chain branch September 12, 2024 19:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cjcobb23 cjcobb23

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@milapsheth @cjcobb23