From 4264266c5e8547cf54cbf741675e1b0f0017a79b Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Mon, 9 Oct 2023 19:42:06 +0900 Subject: [PATCH] add check that denom length is sufficient for slice Signed-off-by: Jun Kimura --- contracts/apps/20-transfer/ICS20Transfer.sol | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/contracts/apps/20-transfer/ICS20Transfer.sol b/contracts/apps/20-transfer/ICS20Transfer.sol index 3a598c76..924f668b 100644 --- a/contracts/apps/20-transfer/ICS20Transfer.sol +++ b/contracts/apps/20-transfer/ICS20Transfer.sol @@ -30,7 +30,7 @@ abstract contract ICS20Transfer is IBCAppBase { bytes memory denomPrefix = _getDenomPrefix(packet.source_port, packet.source_channel); bytes memory denom = bytes(data.denom); - if (denom.slice(0, denomPrefix.length).equal(denomPrefix)) { + if (denom.length >= denomPrefix.length && denom.slice(0, denomPrefix.length).equal(denomPrefix)) { // sender chain is not the source, unescrow tokens bytes memory unprefixedDenom = denom.slice(denomPrefix.length, denom.length - denomPrefix.length); success = _transferFrom( @@ -108,13 +108,14 @@ abstract contract ICS20Transfer is IBCAppBase { virtual { bytes memory denomPrefix = _getDenomPrefix(sourcePort, sourceChannel); - if (!bytes(data.denom).slice(0, denomPrefix.length).equal(denomPrefix)) { + bytes memory denom = bytes(data.denom); + if (denom.length >= denomPrefix.length && denom.slice(0, denomPrefix.length).equal(denomPrefix)) { + require(_mint(_decodeSender(data.sender), data.denom, data.amount)); + } else { // sender was source chain require( _transferFrom(_getEscrowAddress(sourceChannel), _decodeSender(data.sender), data.denom, data.amount) ); - } else { - require(_mint(_decodeSender(data.sender), data.denom, data.amount)); } }