4 matches found
AxelarGateway.sol: external setup funtion allow anyone to set governance_, mintLimiter_ and operator
Lines of code Vulnerability details Impact Anyone can call through the setup function and pass the params to set the mintlimiter, operator and governance. Proof of Concept As we can in above link, the setup function is called to set the mint limiter, operator and governance address. As per natsc...
Hash Collision Within The epochForHash Mapping
Lines of code Vulnerability details It is not possible for the administrator to transfer operatorship to a new set of Operators/Weights/Threshold that has been previously configured because a hash collision will occur within the epochForHash mapping. Proof-of-Concept Assuming that OLDKEYRETENTION...
Change Admin and Opertorship address through setup function in AxelarGateway
Lines of code Vulnerability details Impact Anyone can set the Admin address and transferOperatorShip to a new address. Proof of Concept A Simple call to the setup function. That will call setAdmins of Axelar Multisig Base contract. Recommended Mitigation Steps Can Add access control on setup...
User's funds can get lost when transferring to other chain
Lines of code Vulnerability details Impact When transferring tokens to other chain, the tokens in the source chain are burned - if they are external they will be transferred to the AxelarGateway, otherwise they will be burned. In the target chain the same amount of tokens will be minted for the...