5 matches found
Loss of token if a smart contract perform a cross-chain transfer using source bridge
Lines of code Vulnerability details Impact Loss of a token ownership if a smart contract perform a cross-chain transfer using source bridge Proof of Concept When a caller call burnAndCallAxelar, the token is burnt on source chain and the payload is encoded in this way: bytes memory payload =...
ERC20 token bridge does not support token with different decimals
Lines of code Vulnerability details ERC20 token bridge does not support token with different decimals Summary ERC20 token bridge does not support token with different decimals Vulnerability Detail In the current implementation: User can perform ERC20 cross-chain transfer via token bridge. Let us...
sendFundsToUser() function, where executors are fully trusted to provide the correct information to complete the cross-chain transfer
78 comment Warden: hickuphh3 One area of concern is the sendFundsToUser function, where executors are fully trusted to provide the correct information to complete the cross-chain transfer. Any executor that becomes compromised will enable the attacker to fully drain the available liquidity of a...
[WP-M9] sendNative with CBridge will always revert
Lines of code Vulnerability details function startBridgeCBridgeData memory cBridgeData internal Storage storage s = getStorage; address bridge = bridge; // Do CBridge stuff requires.cBridgeChainId != cBridgeData.dstChainId, "Cannot bridge to the same network."; if...
Malicious router can block cross-chain-transfers
Handle cmichel Vulnerability details Vulnerability Details The agreement between the user and the router seems to already happen off-chain because all the fields are required for the initial InvariantTransactionData call already. A router could pretend to take on a user's cross-chain transfer, th...