2 matches found
Risk assessment of the finalizeETHWithdrawal function in the bridge contract
Lines of code Vulnerability details Summary The finalizeBridgeETH function: function finalizeETHWithdrawal address from, address to, uint256 amount, bytes calldata extraData external payable finalizeBridgeETHfrom, to, amount, extraData; is a public function, which means that anyone can call it...
Missing allowlist checks on tokens in CrossAnchorBridge could cause loss of funds
Lines of code Vulnerability details Impact The CrossAnchorBridge contract accepts any ERC20 token and transfers them to the wormhole bridge. There were allowlist checks on the tokens before, but they were commented out in this version for the audit. If a user transfers, for example, non-supported...