Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use a transfer module account as an intermediary address for forwards #6561

Closed
3 tasks
DimitrisJim opened this issue Jun 10, 2024 · 6 comments · Fixed by #6688
Closed
3 tasks

Use a transfer module account as an intermediary address for forwards #6561

DimitrisJim opened this issue Jun 10, 2024 · 6 comments · Fixed by #6688
Assignees
@gjermundgaraba
Labels
20-transfer type: feature New features, sub-features or integrations
Milestone
ICS20 v2 (path fo...

Comments

@DimitrisJim
Copy link
Contributor

Reference code:

ibc-go/modules/apps/transfer/types/keys.go

Lines 86 to 97 in efcfa5d

func GetForwardAddress(portID, channelID string) sdk.AccAddress {
// a slash is used to create domain separation between port and channel identifiers to
// prevent address collisions between escrow addresses created for different channels
contents := fmt.Sprintf("%s/%s", portID, channelID)
// ADR 028 AddressHash construction
preImage := []byte(forwardAddressVersion)
preImage = append(preImage, 0)
preImage = append(preImage, contents...)
hash := sha256.Sum256(preImage)
return hash[:20]
}

Surfaced during internal walkthrough of ics20 v2 forwarding (commit efcfa5d)

For Admin Use

  • Not duplicate issue
  • Appropriate labels applied
  • Appropriate contributors tagged/assigned
@DimitrisJim
Copy link
Contributor Author

adding needs discussion here, we have an either or we should take care of deciding on (probably requiring some investigation)

@DimitrisJim DimitrisJim added the needs discussion Issues that need discussion before they can be worked on label Jun 10, 2024
@crodriguezvega crodriguezvega added the type: feature New features, sub-features or integrations label Jun 10, 2024
@srdtrk
Copy link
Member

srdtrk commented Jun 11, 2024

I recommend we switch to a module account. In SDK v0.50, bank keeper's BurnCoins method only works on module accounts. This is extended to any account in the next version of the SDK.

The simplifications I'm doing in #6558 would benefit from the ability to use BurnCoins directly

@gjermundgaraba
Copy link
Contributor

I also think module account is the right choice here because it will reduce the risk that we get that forwarding address logic wrong. And the SDK has this functionality built in for exactly these kinds of use cases: https://docs.cosmos.network/main/build/modules/bank#module-accounts

@colin-axner
Copy link
Contributor

Yes we should use SDK module accounts (for forwarding escrow) 👍

Context on why transfer doesn't use module accounts already is that transfer was developed before module accounts was a feature. Migrating all escrow addresses is quite sensitive (and not necessarily beneficial given that the current construction is safe). But this historical baggage should not inform our current decisions when possible. We also use module accounts in ics29

@colin-axner colin-axner removed the needs discussion Issues that need discussion before they can be worked on label Jun 18, 2024
@colin-axner colin-axner changed the title Check if there would be no collisions with the forward address or migrate to use module accounts Use a transfer module account as an intermediary address for forwards Jun 18, 2024
@colin-axner
Copy link
Contributor

Did some extra thinking about needing to create isolated buckets based on the hop port/channel, but it doesn't seem to provide any security benefits. Transfer escrow addresses being indexed by destination port/channel is useful since it creates fault tolerance. If connection to chainB goes malicious, chainB cannot steal funds in escrow for chainC

Given that the only funds moving through the forward address go through the normal transfer logic, I don't see how a malicious chain could generate some sequence of steps to steal from funds deposited through the forward address. In addition, funds should never be stored in the forward address after the transfer message completes execution.

When receiving a packet, tokens are either unescrowed or minted to the forwarding address which will then either escrow or burn. Upon refunds, tokens are either unescrowed or minted to the forwarding address, which will then either be escrow or burned when reversing to the original sender.

@colin-axner colin-axner mentioned this issue Jun 19, 2024
Merged
@gjermundgaraba gjermundgaraba self-assigned this Jun 24, 2024
@gjermundgaraba gjermundgaraba mentioned this issue Jun 24, 2024
Merged
10 tasks
@gjermundgaraba gjermundgaraba linked a pull request Jun 25, 2024 that will close this issue
chore: use module account instead of custom forward address #6688
Merged
10 tasks
@crodriguezvega
Copy link
Contributor

Closed by #6688

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gjermundgaraba gjermundgaraba

Labels
20-transfer type: feature New features, sub-features or integrations
Projects
ibc-go
Archived in project
Milestone
ICS20 v2 (path forwarding) beta
Development

Successfully merging a pull request may close this issue.

chore: use module account instead of custom forward address cosmos/ibc-go
5 participants
@gjermundgaraba @crodriguezvega @DimitrisJim @colin-axner @srdtrk