Assessment reports>IBC Eureka>Discussion>Centralization risks and trust assumptions

Centralization risks and trust assumptions

When a router calls an app with the message, the apps should not blindly trust the message because any user could verify the membership by creating a fake light client.

Similarly, there is a centralization risk involved as the light client could be migrated to a new address. This could lead to a malicious/hacked migrator migrating the light-client address to a fake address such that it could prove fake membership. Or a malicious/hacked migrator could intentionally revert the calls to the light client, which might lead to the tokens of users being stuck.

As per the Interchain Labs team, this is the accepted behavior and the apps should perform their due diligence before trusting the migrator.

Zellic © 2025Back to top ↑