GHSA-j496-crgh-34mx
vulnerability analysis and mitigation

Overview

A critical vulnerability (GHSA-j496-crgh-34mx) was discovered in ibc-go affecting versions < 4.6.0, < 5.4.0, < 6.3.0, < 7.4.0, and < 8.2.0. The vulnerability, identified as ASA-2024-007, was reported on March 26, 2024, by Maxwell Dulin from Asymmetric Research through the Cosmos Bug Bounty Program. The issue affects IBC-enabled chains that use a vulnerable version of ibc-go, are CosmWasm-enabled with code upload capabilities, and use the ibc-hooks middleware wrapping the ICS-20 transfer application (GitHub Advisory).

Technical details

The vulnerability allows potential reentrancy attacks through timeout callbacks in ibc-hooks. An attacker could execute the same MsgTimeout inside the IBC hook for the OnTimeout callback before the packet commitment is deleted. This creates a condition where the OnTimeout callback of the transfer application could be recursively executed when ibc-hooks wraps ICS-20. The vulnerability has been assigned a Critical severity rating with a CVSS score of 9.1, indicating high impact on integrity and availability (GitHub Advisory).
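
The ordering problem described above, as a toy Go model added here; it is not ibc-go or ibc-hooks code. The `Chain` type, `Timeout` and `Refunded` are hypothetical names, the amounts are constructed, and removing the commitment before the callback is shown as an assumed way to close the window.

```go
package main

import (
	"errors"
	"fmt"
)

// Toy model of the ordering problem; every name is hypothetical, not ibc-go API.
type Chain struct {
	commitments map[uint64]bool // pending packet commitments, keyed by sequence
	escrow      int64           // funds escrowed for in-flight transfers
	deleteFirst bool            // true: commitment is removed before the callback
}

// Timeout refunds amount for seq, then runs hook, which stands in for a
// contract-controlled OnTimeout hook that may submit the same timeout again.
func (c *Chain) Timeout(seq uint64, amount int64, hook func()) error {
	if !c.commitments[seq] {
		// A replayed or re-entered timeout stops here once the commitment is gone.
		return errors.New("packet commitment not found")
	}
	if c.deleteFirst {
		delete(c.commitments, seq) // state change before the external call
	}
	c.escrow -= amount // refund paid out of escrow
	hook()
	delete(c.commitments, seq) // no-op when deleteFirst already removed it
	return nil
}

// Refunded times out one 100-unit packet whose hook re-enters once and
// returns how much left escrow in total.
func Refunded(deleteFirst bool) int64 {
	c := &Chain{commitments: map[uint64]bool{1: true}, escrow: 1000, deleteFirst: deleteFirst}
	reentered := false
	var hook func()
	hook = func() {
		if !reentered {
			reentered = true
			_ = c.Timeout(1, 100, hook) // constructed re-entry with the same sequence
		}
	}
	_ = c.Timeout(1, 100, hook)
	return 1000 - c.escrow
}

func main() {
	fmt.Println("callback before delete:", Refunded(false)) // 200: refund paid twice
	fmt.Println("delete before callback:", Refunded(true))  // 100: re-entry rejected
}
```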

Impact

On affected chains where ibc-hooks wraps ICS-20, the vulnerability could lead to significant security implications including potential loss of funds from the escrow account or unexpected minting of tokens. The impact is particularly severe for chains that allow unrestricted code uploads for wasm contracts, though chains with authorized-only uploads are also affected to a lesser extent (GitHub Advisory).

Mitigation and workarounds

Affected chains are advised to immediately upgrade to the latest patch fix version of ibc-go (v4.6.0, v5.4.0, v6.3.0, v7.4.0, or v8.2.0). For chains that haven't upgraded yet, it is recommended to limit code uploading capabilities to trusted parties as a temporary mitigation measure. Chains that previously applied soft-patches through private coordination should still proceed with updating to the latest ibc-go version through normal software upgrade governance (GitHub Advisory).

Community reactions

A coordinated response was implemented through a private patching effort that preceded the public disclosure, significantly reducing the ecosystem's exposure to this vulnerability. The response demonstrated strong collaboration between the ibc-go team, Amulet, and affected chains, with validators being praised for their quick action while maintaining confidentiality (GitHub Advisory).

This report was generated using AI.