Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🛡️ Arbitrary Fund Acceptance in OKP4 Contracts #562

Closed
ccamel opened this issue May 23, 2024 · 0 comments · Fixed by #571
Closed

🛡️ Arbitrary Fund Acceptance in OKP4 Contracts #562

ccamel opened this issue May 23, 2024 · 0 comments · Fixed by #571
Assignees
@bdeneux
Labels
security audit Categorizes an issue or PR as relevant to Security Audit

Comments

@ccamel
Copy link
Member

ccamel commented May 23, 2024

Note

Severity: Info
target: v5.0.0 - Commit: cde785fbd2dad71608d53f8524e0ef8c8f8178af
Ref: OKP4 CosmWasm Audit Report v1.0 - 02-05-2024 - BlockApex

Description

The OKP4 contracts currently do not have mechanisms to handle or refund arbitrary funds sent to them. This absence can result in the loss of funds mistakenly sent to these contracts, as there is no method implemented for withdrawing such funds.

Impact

Funds sent in error to OKP4 contracts are irretrievable.

Recommendation

Implement checks to reject all funds sent to the contract, preventing unauthorized or accidental transfers
@ccamel ccamel added the security audit Categorizes an issue or PR as relevant to Security Audit label May 23, 2024
@bdeneux bdeneux self-assigned this Jun 3, 2024
@bdeneux bdeneux mentioned this issue Jun 3, 2024
Merged
@bdeneux bdeneux linked a pull request Jun 3, 2024 that will close this issue
Feat/execution without fund #571
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bdeneux bdeneux

Labels
security audit Categorizes an issue or PR as relevant to Security Audit
Projects
💻 Development
Status: ✅ Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Feat/execution without fund axone-protocol/contracts
2 participants
@ccamel @bdeneux