Lack of ChannelData schema validation in InitializeMessageRecoveryCommand #8621

ishantiw · 2023-06-16T15:23:58Z

Description

The ChannelData provided by the user in the InitializeMessageRecoveryCommand command is decoded but not validated. The inclusion proof prevents rogue values from being used (although a malicious chain could create invalid accounts). We also note that passing the empty string value to trigger a non-inclusion proof is possible, but the decoding would fail in the execute method.

Which version(s) does this affect? (Environment, OS, etc...)

v6.0.0-beta.2

The text was updated successfully, but these errors were encountered:

ishantiw added type: bug framework/module/interoperability Interoperability module labels Jun 16, 2023

ishantiw mentioned this issue Jun 28, 2023

Prepare Lisk SDK v6.0.0 for rc #7226

Closed

Madhulearn added this to the Sprint 99 milestone Jul 4, 2023

Madhulearn modified the milestones: Sprint 99, Sprint 100 Jul 18, 2023

Madhulearn assigned mitsuaki-u Jul 18, 2023

mitsuaki-u closed this as completed Aug 1, 2023

Madhulearn modified the milestones: Sprint 100, Sprint 101 Aug 1, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Lack of ChannelData schema validation in InitializeMessageRecoveryCommand #8621

Lack of ChannelData schema validation in InitializeMessageRecoveryCommand #8621

ishantiw commented Jun 16, 2023

Lack of ChannelData schema validation in InitializeMessageRecoveryCommand #8621

Lack of ChannelData schema validation in InitializeMessageRecoveryCommand #8621

Comments

ishantiw commented Jun 16, 2023

Description

Which version(s) does this affect? (Environment, OS, etc...)