Lucene search
K

5 matches found

Code423n4
Code423n4
added 2023/09/07 12:0 a.m.6 views

Loss of token if a smart contract perform a cross-chain transfer using source bridge

Lines of code Vulnerability details Impact Loss of a token ownership if a smart contract perform a cross-chain transfer using source bridge Proof of Concept When a caller call burnAndCallAxelar, the token is burnt on source chain and the payload is encoded in this way: bytes memory payload =...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.13 views

ERC20 token bridge does not support token with different decimals

Lines of code Vulnerability details ERC20 token bridge does not support token with different decimals Summary ERC20 token bridge does not support token with different decimals Vulnerability Detail In the current implementation: User can perform ERC20 cross-chain transfer via token bridge. Let us...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/15 12:0 a.m.10 views

sendFundsToUser() function, where executors are fully trusted to provide the correct information to complete the cross-chain transfer

78 comment Warden: hickuphh3 One area of concern is the sendFundsToUser function, where executors are fully trusted to provide the correct information to complete the cross-chain transfer. Any executor that becomes compromised will enable the attacker to fully drain the available liquidity of a...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/03/30 12:0 a.m.13 views

[WP-M9] sendNative with CBridge will always revert

Lines of code Vulnerability details function startBridgeCBridgeData memory cBridgeData internal Storage storage s = getStorage; address bridge = bridge; // Do CBridge stuff requires.cBridgeChainId != cBridgeData.dstChainId, "Cannot bridge to the same network."; if...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/07/10 12:0 a.m.8 views

Malicious router can block cross-chain-transfers

Handle cmichel Vulnerability details Vulnerability Details The agreement between the user and the router seems to already happen off-chain because all the fields are required for the initial InvariantTransactionData call already. A router could pretend to take on a user's cross-chain transfer, th...

6.8AI score
Exploits0
Rows per page
Query Builder