3 matches found
if the Virtual Account's owner is a Contract Account (multisig wallet), attackers can gain control of the Virtual Accounts by gaining control of the same owner's address in a different chain
Lines of code Vulnerability details Impact Attackers can gain control of User's Virtual Accounts and steal all the assets these accounts hold in the Root environment Proof of Concept When sending signed messages from a Branch to Root, the RootBridgeAgent contract calls the...
Token Loss on Failed Destination Chain Call
Lines of code Vulnerability details Impact The burnAndCallAxelar function allows users to burn tokens from their account with the intention of executing a cross-chain call. However, the tokens are burned before the cross-chain call is attempted. If the cross-chain call fails on the destination...
Risk of Token Get Stuck in burnAndCallAxelar Function due to Use of Same Chain ID
Lines of code Vulnerability details Impact The burnAndCallAxelar function within the contract presents a potential risk where tokens can become stuck if the same chain ID is used for both the source and destination chains. In this scenario, tokens are burned from the user's account, and a...