GO-2024-2874 Inter-Blockchain Communication (IBC) protocol "Huckleberry" vulnerability in github.com/cosmos/ibc-go

The ibc-go module is affected by the Inter-Blockchain Communication IBC protocol "Huckleberry" vulnerability. The vulnerability allowed an attacker to send arbitrary transactions onto target chains and trigger arbitrary state transitions, including but not limited to, theft of funds. It was...

Expired members can lose their tranche tokens if they call transferTrancheTokensToCentrifuge or transferTrancheTokensToEVM in PoolManager.sol

Lines of code Vulnerability details Impact User can call transferTrancheTokensToCentrifuge or transferTrancheTokensToEVM to transfer their tranche tokens to other chains, but no verifying is done to see if they are expired members or not on the source chain, which can cause loss of funds for some...

Tokens transferred with bridge can get lost if destination transaction can’t be executed

Lines of code Vulnerability details Impact User could lost his tokens, if tx on destination chain will failrevert. There is no option to recover the tokens on source chain. Revert could be cause by function attachThreshold. This function finds the correspondence between the amount and threshhold...

Cross-chain smart contract call can revert and burned tokens in source chain can't be recovered

Lines of code Vulnerability details Summary AXELARGATEWAY.callContract doesn't revert on failure in destination chain , execute function can revert for varies reasons such as not passing require statements, or low gas so tokens remained burned in source chain and can't be recovered . Impact Loss ...

InterchainProposalExecutor will fail if any proposal requires value transfer, breaking core logic

Lines of code Vulnerability details Impact Proposals which are sent from a source chain using InterchainProposalSender to a destination chain to be executed using InterchainProposalExecutor are intended to support function calls that include transfers of ETH, or other native token. However, the...