Description

In the OnRecvPacket() function of the IBC middleware, there are checks to ensure that the time-out on the packet cannot be negative. However, there is not an upper limit set on the time-out.

Since there is no way to cancel a packet once it is sent, and because the maximum amount of retries possible is 255, it is possible for a packet to get stuck in a time-out for an extremely long time. The time-out uses a time.Duration type, which is an int64. The highest possible int64 is a very large number.

Impact

This issue requires an external issue to trigger, because time-outs do not occur normally. This can occur due to an external bug on a chain or due to external issues with relayers. Because of this, the likelihood is low. However, because a user can lose access to their funds for a long time, the severity is medium. This leads to a low impact.

Recommendations

Add a check that ensures the time-out does not exceed an upper bound.

Remediation