fix(transfer): reject slash base denoms on recv to prevent locked escrow#53
Open
notJoon wants to merge 4 commits into
Open
fix(transfer): reject slash base denoms on recv to prevent locked escrow#53notJoon wants to merge 4 commits into
notJoon wants to merge 4 commits into
Conversation
tbruyelle
requested changes
Jun 9, 2026
Collaborator
There was a problem hiding this comment.
This check does not exists in the legacy ibc-go implementation, so it assumes that any denom with slash was rejected during the SendPacket and there is no need to check in RecvPacket.
In a sense, adding this check in RecvPacket seems legit, we should not trust the counterparty chain to adhere to the protocol. So I'm OK with this change.
I just need you to address some comments. Thanks!
tbruyelle
approved these changes
Jun 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
OnRecvPacketminted vouchers for slashed base denoms thatOnSendPacketalready rejects, creating vouchers that could never be sent back and permanently locking counterparty escrow.Commit 4b5fc7e moved slash validation from
unmarshalPayloadtoOnSendPacketto keep refund paths permissive, but it also removed the check from the recv mint path and introduced a send/recv asymmetry.This PR restores that symmetry by rejecting slashed base denoms in
OnRecvPacketbefore minting. Instead of creating an unusable voucher, the recv chain returns an error acknowledgement, allowing the sender to be refunded via the existing ack-error flow.