diff --git a/contracts/hub/router/src/contract.rs b/contracts/hub/router/src/contract.rs index 6f64d4d..c388f5c 100644 --- a/contracts/hub/router/src/contract.rs +++ b/contracts/hub/router/src/contract.rs @@ -135,7 +135,7 @@ pub fn execute( ibc_receive_internal_call(&mut deps, env, info, receive_msg) } ExecuteMsg::IbcCallbackAckAndTimeout { ack } => { - ibc_ack_packet_internal_call(deps, env, ack) + ibc_ack_packet_internal_call(deps, info, env, ack) } ExecuteMsg::UpdateLock {} => execute_update_lock(deps, info), ExecuteMsg::NativeReceiveCallback { msg, chain_uid } => { diff --git a/contracts/hub/router/src/ibc/ack_and_timeout.rs b/contracts/hub/router/src/ibc/ack_and_timeout.rs index 31bf648..8ded3af 100644 --- a/contracts/hub/router/src/ibc/ack_and_timeout.rs +++ b/contracts/hub/router/src/ibc/ack_and_timeout.rs @@ -1,8 +1,8 @@ #[cfg(not(feature = "library"))] use cosmwasm_std::entry_point; use cosmwasm_std::{ - from_json, Binary, CosmosMsg, DepsMut, Env, IbcBasicResponse, IbcPacketAckMsg, - IbcPacketTimeoutMsg, Response, StdError, StdResult, SubMsg, Uint128, WasmMsg, + ensure, from_json, Binary, CosmosMsg, DepsMut, Env, IbcBasicResponse, IbcPacketAckMsg, + IbcPacketTimeoutMsg, MessageInfo, Response, StdError, StdResult, SubMsg, Uint128, WasmMsg, }; use cosmwasm_std::{to_json_binary, IbcAcknowledgement}; use euclid::chain::{Chain, ChainType, ChainUid, CrossChainUser}; @@ -48,9 +48,14 @@ pub fn ibc_packet_ack( pub fn ibc_ack_packet_internal_call( deps: DepsMut, + info: MessageInfo, env: Env, ack: IbcPacketAckMsg, ) -> Result { + ensure!( + info.sender == env.contract.address, + ContractError::Unauthorized {} + ); // Parse the ack based on request let msg: HubIbcExecuteMsg = from_json(ack.original_packet.data)?; diff --git a/contracts/liquidity/factory/src/contract.rs b/contracts/liquidity/factory/src/contract.rs index 3e37fbb..7a0aa1b 100644 --- a/contracts/liquidity/factory/src/contract.rs +++ b/contracts/liquidity/factory/src/contract.rs @@ -204,7 +204,7 @@ pub fn execute( ), ExecuteMsg::Receive(msg) => receive_cw20(deps, env, info, msg), ExecuteMsg::IbcCallbackAckAndTimeout { ack } => { - ibc::ack_and_timeout::ibc_ack_packet_internal_call(deps, env, ack) + ibc::ack_and_timeout::ibc_ack_packet_internal_call(deps, info, env, ack) } ExecuteMsg::IbcCallbackReceive { receive_msg } => { ibc::receive::ibc_receive_internal_call(deps, env, receive_msg) diff --git a/contracts/liquidity/factory/src/ibc/ack_and_timeout.rs b/contracts/liquidity/factory/src/ibc/ack_and_timeout.rs index 9620d4a..5b47d03 100644 --- a/contracts/liquidity/factory/src/ibc/ack_and_timeout.rs +++ b/contracts/liquidity/factory/src/ibc/ack_and_timeout.rs @@ -1,9 +1,9 @@ #[cfg(not(feature = "library"))] use cosmwasm_std::entry_point; use cosmwasm_std::{ - from_json, to_json_binary, Binary, CosmosMsg, DepsMut, Env, IbcAcknowledgement, - IbcBasicResponse, IbcPacketAckMsg, IbcPacketTimeoutMsg, Int256, ReplyOn, Response, StdError, - StdResult, SubMsg, WasmMsg, + ensure, from_json, to_json_binary, Binary, CosmosMsg, DepsMut, Env, IbcAcknowledgement, + IbcBasicResponse, IbcPacketAckMsg, IbcPacketTimeoutMsg, Int256, MessageInfo, ReplyOn, Response, + StdError, StdResult, SubMsg, WasmMsg, }; use cw20::Cw20Coin; use euclid::{ @@ -58,9 +58,14 @@ pub fn ibc_packet_ack( pub fn ibc_ack_packet_internal_call( deps: DepsMut, + info: MessageInfo, env: Env, ack: IbcPacketAckMsg, ) -> Result { + ensure!( + info.sender == env.contract.address, + ContractError::Unauthorized {} + ); let msg: ChainIbcExecuteMsg = from_json(&ack.original_packet.data)?; reusable_internal_ack_call(deps, env, msg, ack.acknowledgement.data, false) }