Cosmwasm: (HAL-01) VULNERABLE WASM SMART CONTRACT LEADS TO CHAIN HALT #1189

Open
4 tasks
Tracked by #802
RafilxTenfen opened this issue Aug 1, 2022 · 1 comment
Summary

A vulnerability in the WASM integration and the authz module in the cosmos-sdk has been detected, and was recently exploited to halt another chain (JUNO). In the vulnerability, a smart contract abused non-deterministic state in authz grants to save a different hash to all validators.
Juno Halt Root Cause Steps:
• An attacker deployed a malicious contract on Juno.
• The malicious contract is located on Mint Scan.

Problem Definition

• During the review of the malicious contract, it has been observed that the attacker’s contract is calling Authz Module MsgGrant and MsgRevoke.
• The smart contract leads to non-determinism in Authz’s MsgGrant, where the grant expiration was suspected to default to the node’s OS time if unset by the message sender.
• The reply() feature of CosmWasm allows calling a message and getting back its output events. With a couple of messages, a nondeterministic event ordering occurred in the Authz module, which causes a chain halt.

Proposal

  • Disable authz module on cosmwasm or wait for #12781 to be merged and update to that sdk

For Admin Use

  • Not duplicate issue
  • Appropriate labels applied
  • Appropriate contributors tagged
  • Contributor assigned/self-assigned
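
Added example (not code from cosmos-sdk, wasmd, or this issue): a simplified Go model of the non-determinism described under Problem Definition, where an unset grant expiration is defaulted from each node's own clock and the resulting event hashes diverge across validators. The `Grant` and `Validator` types, the one-hour default, the sample values, and the block-time fallback in `HandleHardened` are assumptions for illustration, not the change in #12781.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"time"
)

// Grant is a hypothetical, simplified grant; nil Expiration means "unset by sender".
type Grant struct {
	Grantee    string
	Expiration *time.Time
}

// Validator models one node; its OS clock is local state, not consensus state.
type Validator struct{ LocalClock time.Time }

// expiry returns the sender's value, or fallback plus an assumed one-hour default.
func expiry(g Grant, fallback time.Time) time.Time {
	if g.Expiration != nil {
		return *g.Expiration
	}
	return fallback.Add(time.Hour)
}

// HandleVulnerable defaults from the node's own clock, so the event differs per node.
func (v Validator) HandleVulnerable(g Grant, _ time.Time) string {
	return fmt.Sprintf("grant:%s:%d", g.Grantee, expiry(g, v.LocalClock).UnixNano())
}

// HandleHardened defaults from the block header time, identical on every node.
func (v Validator) HandleHardened(g Grant, blockTime time.Time) string {
	return fmt.Sprintf("grant:%s:%d", g.Grantee, expiry(g, blockTime).UnixNano())
}

// DistinctHashes runs h on three nodes with constructed clock skews and counts distinct event hashes.
func DistinctHashes(h func(Validator, Grant, time.Time) string) int {
	base, seen := time.Unix(1659312000, 0), map[[32]byte]bool{} // constructed block time
	for _, skew := range []time.Duration{0, 7 * time.Millisecond, 19 * time.Millisecond} {
		ev := h(Validator{base.Add(skew)}, Grant{Grantee: "addr1"}, base)
		seen[sha256.Sum256([]byte(ev))] = true
	}
	return len(seen)
}

func main() {
	fmt.Println("vulnerable, distinct hashes:", DistinctHashes(Validator.HandleVulnerable))
	fmt.Println("hardened, distinct hashes:", DistinctHashes(Validator.HandleHardened))
}
```

More than one distinct hash for the same transaction means the validators cannot agree on the block result, which is the halt condition the issue describes.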
@bruce-wayne2
At present, the problem can also be solved by upgrading the version of wasmd.
v0.28.0

https://github.com/CosmWasm/wasmd/blob/288609255ad92dfe5c54eae572fe7d6010e712eb/x/wasm/keeper/msg_dispatcher.go#L112
