5 matches found
InterchainProposalExecutor will fail if any proposal requires value transfer, breaking core logic
Lines of code Vulnerability details Impact Proposals which are sent from a source chain using InterchainProposalSender to a destination chain to be executed using InterchainProposalExecutor are intended to support function calls that include transfers of ETH, or other native token. However, the...
The is no way for native tokens to get sent to InterchainProposalExecutor
Lines of code Vulnerability details Impact Proposals that require value cannot be executed as native tokens on the other side of the bridge cannot be provided. Proof of Concept Proposals have a value parameter, which allows users to specify what amount of native tokens should be passed when calli...
Attacker can steal funcds from InterchainProposalExecutor contract
Lines of code Vulnerability details Impact In InterchainProposalSender users can send proposals to diffrent chains by passing the call data InterchainCalls.Call into sendProposals or sendProposal functions, this struct contains another struct Call which contains target, value and call data, but...
InterchainProposalExecutor doesn't support actions with value
Lines of code Vulnerability details Impact An interchain call consists of the target address, calldata, and value. When InterchainProposalExecutor performs the call, it passes the value along function executeProposalInterchainCalls.Call memory calls internal for uint256 i = 0; i calls.length; i++...
Users do not get charged for the value their proposal will need
Lines of code Vulnerability details Impact Depending on whether the destination chain InterchainProposalExecutor's native token balance the transaction will either steal funds or will fail. Proof of Concept Users can provide an amount of native tokens they want to send to the call they will make ...