The EvmDenom can be updated by the EVM module's MsgUpdateParams
Description
The EvmDenom parameter, which determines which Cosmos token is used as the EVM's value, is updatable through the EVM module's MsgUpdateParams message.
Impact
If smart contracts (e.g., vaults) keep track of balances denominated in the native EVM value, they have no way to observe the parameter update in order to invalidate the balance, resulting in incorrect behavior (e.g., incorrect values withdrawn from vaults) as balances accrued in the old token are interpreted according to the new token. However, since MsgUpdateParams can only be called through the Governance module, this could only be exploited with enough Governance votes to pass proposals to issue MsgUpdateParams messages with a modified EvmDenom.
Recommendations
Disallow updating the EvmDenom parameter.
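One way to enforce this recommendation in a parameter-update handler, shown as an added example that is not the project's code and not the fix from the referenced commit. The Params, Keeper and UpdateParams definitions, the EnableCreate field, the error values and the denom strings are all hypothetical stand-ins for the module's real types.

```go
package main

import (
	"errors"
	"fmt"
)

// Params is a hypothetical, reduced stand-in for the EVM module parameters.
type Params struct {
	EvmDenom     string // Cosmos denom used as the EVM's native value
	EnableCreate bool   // constructed example of a parameter that stays updatable
}

var (
	ErrUnauthorized = errors.New("invalid authority")
	ErrDenomLocked  = errors.New("EvmDenom cannot be changed once set")
)

// Keeper is a hypothetical in-memory keeper holding the current parameters.
type Keeper struct {
	authority string // address allowed to update params (assumed: governance)
	params    Params
}

// UpdateParams models a MsgUpdateParams handler. Other parameters remain
// updatable by the authority, but EvmDenom is frozen after its first value,
// so balances tracked by contracts are never reinterpreted in a new token.
func (k *Keeper) UpdateParams(signer string, proposed Params) error {
	if signer != k.authority {
		return ErrUnauthorized
	}
	if proposed.EvmDenom == "" {
		return errors.New("EvmDenom must not be empty")
	}
	// Allow the initial assignment (e.g. at genesis), reject any later change.
	if k.params.EvmDenom != "" && proposed.EvmDenom != k.params.EvmDenom {
		return fmt.Errorf("%w: %q -> %q", ErrDenomLocked, k.params.EvmDenom, proposed.EvmDenom)
	}
	k.params = proposed
	return nil
}

func main() {
	// Constructed sample state and proposals.
	k := &Keeper{authority: "gov", params: Params{EvmDenom: "atoken", EnableCreate: true}}
	fmt.Println(k.UpdateParams("gov", Params{EvmDenom: "btoken", EnableCreate: true}))
	fmt.Println(k.UpdateParams("gov", Params{EvmDenom: "atoken", EnableCreate: false}))
}
```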
Remediation
This issue has been acknowledged by Sigma Assets GmbH, and a fix was implemented in commit 7bd13cd0.