The Wormhole Near Watcher contains two issues in its event log processing logic, located in the file tx_processing.go, that prevent some valid messages sent from NEAR to other chains from being successfully delivered.
The first issue arises from an incomplete status check, which verifies only the SuccessValue status. However, successful transactions on NEAR can also have a SuccessReceiptId status, leading to missed messages that fail to propagate to the destination chain.
The second issue is that if there are various calls to Wormhole's publish_message in the same receipt, only the last one will be processed as valid, while all other messages will be discarded.
In both cases, messages would be correctly processed in NEAR, but would not get to their destination, implying a potential loss/freezing of funds and a flawed communication between chains.
Recommendation
These issues are integrator specific and cannot be induced arbitrarily by an attacker. The current recommendation is to ensure any integrations use the SuccessValue receipt status and only make a single call to publish_message in the same receipt. It is also recommended that integrators on NEAR thoroughly test on testnet before a mainnet launch to ensure that their use case conforms with the limitations of the watcher.
Thanks to @neumo for reporting this behaviour via the Wormhole bug bounty program hosted by Immunefi.
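The two failure modes described above, modelled in a small Go function so the difference in relayed messages can be checked; this is an added example, not the watcher's code from tx_processing.go. The `Extract` function, the `EVENT_JSON:` log prefix and the sample receipt outcomes are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Assumed log prefix for publish_message events (not taken from the page).
const eventPrefix = "EVENT_JSON:"

// Extract returns relayed event payloads; keepAll=false keeps only the last one.
func Extract(raw string, keepAll bool, accepted ...string) ([]string, error) {
	var o struct { // the two receipt-outcome fields that matter here
		Status map[string]json.RawMessage `json:"status"`
		Logs   []string                   `json:"logs"`
	}
	if err := json.Unmarshal([]byte(raw), &o); err != nil {
		return nil, err
	}
	ok := false
	for _, k := range accepted {
		_, found := o.Status[k]
		ok = ok || found
	}
	var msgs []string
	for _, l := range o.Logs {
		if !ok || !strings.HasPrefix(l, eventPrefix) {
			continue // unaccepted status or non-event log: nothing is relayed
		}
		if !keepAll {
			msgs = nil // earlier events in the same receipt are dropped
		}
		msgs = append(msgs, strings.TrimPrefix(l, eventPrefix))
	}
	return msgs, nil
}

// Constructed sample outcomes, not real chain data.
const TwoMsgs = `{"status":{"SuccessValue":""},"logs":["EVENT_JSON:{\"seq\":1}","EVENT_JSON:{\"seq\":2}"]}`
const ReceiptID = `{"status":{"SuccessReceiptId":"CONSTRUCTED"},"logs":["EVENT_JSON:{\"seq\":3}"]}`

func main() {
	for _, raw := range []string{TwoMsgs, ReceiptID} {
		n, _ := Extract(raw, false, "SuccessValue") // behaviour in the report
		f, _ := Extract(raw, true, "SuccessValue", "SuccessReceiptId")
		fmt.Printf("reported=%d complete=%d\n", len(n), len(f))
	}
}
```

An integrator can run the same comparison against outcomes captured on testnet: any receipt where the two counts differ falls outside the limitations named in the recommendation.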