
ibc: Chain ID parsing incorrectly accepts newlines #4547

Open
@avahowell

Describe the bug
When parsing chain IDs, ibc-types uses a more lenient regex than ibc-go's regex.

For example, ibc-go will consider the chain ID \n-foo-1 to have revision number 0, whereas penumbra-ibc will consider it to have revision number 1.

This likely does not have any security impact, but it is a deviation from the specification and can potentially lead to an issue in the future.

Expected behavior
Include a newline (and possibly anchors) in ibc-types's version of the regex.

pub fn is_epoch_format(chain_id: &str) -> bool {
  - let re = safe_regex::regex!(br".*[^-]-[1-9][0-9]*");
  + let re = safe_regex::regex!(br"^.*[^\n-]-[1-9][0-9]*$");
       re.is_match(chain_id.as_bytes())
   }
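
Review bot: The `[^\n-]` class on the `+` line only constrains the single byte immediately before the final hyphen, so it does not by itself reject the example from the description. In `\n-foo-1` that byte is `o`, and the newline would have to be consumed by the leading `.*`, so the input is rejected only if `.` does not match `\n` in safe_regex. Please confirm that, or write the prefix as `[^\n]*` so the exclusion is explicit, and add a test asserting that `is_epoch_format("\n-foo-1")` returns false. Since the description only says "possibly anchors", it is also worth confirming that safe_regex treats `^` and `$` as anchors rather than as literal bytes before relying on them.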


Labels

- _P-V1: Priority: slated for V1 release
- consensus-breaking: breaking change to execution of on-chain data
- zellic-ibc-needs-remediation: Finding by Zellic reviewing the IBC component, needs remediation

Status

Backlog
