Add rate limiting #271

Closed
srdtrk opened this issue Feb 10, 2025 · 0 comments · Fixed by #274
srdtrk commented Feb 10, 2025

Add configurable rate limiting. The threat scenario this protects against is the following.

  • Suppose 1_000_000 WETH has been transferred from Ethereum to Cosmos Hub, so that 1_000_000 WETH is locked in escrow.
  • Suppose an attacker has the power to generate malicious proofs (for example, an SP1 vulnerability).

Then without rate limits, the attacker can:

  1. Generate a malicious proof that a user has sent 500_000 WETH back from Cosmos Hub to themselves.
  2. The attacker receives the funds and runs.

With a rate limit of 100_000 ETH:

  1. The attacker must generate a malicious proof for a packet of size at most 100_000 ETH.
  2. Once the rate limit has been hit, the pauser notices the discrepancy between Cosmos Hub and Ethereum, and pauses transfers.

@srdtrk srdtrk added the 20-transfer, solidity, and type: feature labels Feb 10, 2025
@srdtrk srdtrk self-assigned this Feb 10, 2025
@gjermundgaraba gjermundgaraba moved this from Backlog to In progress in IBC-GO Eureka Feb 11, 2025
@github-project-automation github-project-automation bot moved this from In progress to Done in IBC-GO Eureka Feb 11, 2025
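
The mitigation described in the issue, sketched as an added example that is not code from this repository or from the linked fix: a per-token cap on how much can leave escrow in one window, plus a pause switch. The contract name, role names, function names, the fixed 24-hour window and the "zero means no limit" convention are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only; all names here are hypothetical.
contract RateLimitedEscrow {
    address public immutable rateLimiter; // may set per-token limits
    address public immutable pauser;      // may halt releases
    address public immutable transferApp; // only caller allowed to record releases
    bool public paused;

    // Maximum amount of a token that may leave escrow per window (0 = no limit set).
    mapping(address token => uint256) public dailyLimit;
    // Amount already released, keyed by token and by day index (block.timestamp / 1 days).
    mapping(address token => mapping(uint256 day => uint256)) public dailyUsage;

    error Unauthorized();
    error Paused();
    error RateLimitExceeded(address token, uint256 requested, uint256 remaining);

    constructor(address rateLimiter_, address pauser_, address transferApp_) {
        rateLimiter = rateLimiter_;
        pauser = pauser_;
        transferApp = transferApp_;
    }

    function setDailyLimit(address token, uint256 limit) external {
        if (msg.sender != rateLimiter) revert Unauthorized();
        dailyLimit[token] = limit;
    }

    function pause() external {
        if (msg.sender != pauser) revert Unauthorized();
        paused = true;
    }

    /// Called on the receive path, after proof verification and before tokens leave escrow.
    function checkAndRecordRelease(address token, uint256 amount) external {
        if (msg.sender != transferApp) revert Unauthorized();
        if (paused) revert Paused();
        uint256 limit = dailyLimit[token];
        if (limit == 0) return; // assumption: unset limit means unlimited
        uint256 day = block.timestamp / 1 days;
        uint256 used = dailyUsage[token][day];
        // Guard against underflow if the limit was lowered below today's usage.
        uint256 remaining = used >= limit ? 0 : limit - used;
        if (amount > remaining) revert RateLimitExceeded(token, amount, remaining);
        dailyUsage[token][day] = used + amount;
    }
}
```

With a fixed window, releases on either side of a day boundary are counted separately, so the limit should be sized with that in mind, and the pauser still has to react before the next window opens.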