Incorrect Coins comparison allows decreasing sequencer bonds below the configured minimum #1255
Assignees
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The MsgDecreaseBond message allows sequencer callers to schedule the withdrawal of part of their bond, enforcing a limitation in x/sequencer/keeper/msg_server_decrease_bond.go:36 on the amount requested that disallows sequencers to hold less than the configured MinBond.
Within this check, an incorrect condition based on the IsAllLT function of the Coins structure does not properly account for the case where the sequencer holds tokens in denominations other than that of the MinBond.
A sequencer can exploit this by increasing its bond with any token other than the MinBond denomination to decrease its bond below MinBond.
Consequently, the sequencer would be able to be the proposer even if its bond is less than the required MinBond.
Recommendation
We recommend simplifying the MinBond requirement to check the remaining bond in the MinBond denomination only instead of a full iteration on all denominations.
The text was updated successfully, but these errors were encountered: