Name: ASA-2024-007: Potential Reentrancy using Timeout Callbacks in ibc-hooks Component: ibc-go Criticality: Critical (ACMv1: I:Critical; L:AlmostCertain) Affected versions: < v4.6.0, < v5.4.0, < v6.3.0, < v7.4.0, < v8.2.0 Affected users: Chain Builders + Maintainers Summary Through the deployment and subsequent use of a malicious CosmWasm contract via IBC interactions, an attacker could potentially execute the same MsgTimeout inside the IBC hook for the OnTimeout callback before the packet commitment is deleted. On chains where ibc-hooks wraps ICS-20, this vulnerability may allow for the logic of the OnTimeout callback of the transfer application to be recursively executed, leading to a condition that may present the opportunity for the loss of funds from the escrow account or unexpected minting of tokens. Affected Configurations Chains which satisfy all of the following requirements are considered to be impacted by this vulnerability: * Chain is IBC-enabled and uses a vulnerable version of ibc-go * Chain is CosmWasm-enabled and allows code uploads for wasm contracts by anyone, or by authorized parties (to a lesser extent) * Chain utilizes the ibc-hooks middleware and wraps ICS-20 transfer application Next Steps for Impacted Chain Builders and Maintainers It is advised to immediately upgrade to the latest patch fix version of ibc-go for your chain. If you have already applied a soft-patch through private coordination, we recommend additionally updating to the latest ibc-go…Read More