2 matches found
outboundTransfer should return excess msg.value
Lines of code Vulnerability details Impact In function outboundTransfer, if users sends more msg.value than required, by accident, then the remaining msg.value is not sent back. So, if msg.value amount argument, then the excess msg.value is not sent back to msg.sender. This causes loss of funds f...
If L1GraphTokenGateway's outboundTransfer is called by a contract, the entire msg.value is blackholed, whether the ticket got redeemed or not.
Lines of code Vulnerability details The outboundTransfer function in L1GraphTokenGateway is used to transfer user's Graph tokens to L2. To do that it eventually calls the standard Arbitrum Inbox's createRetryableTicket. The issue is that it passes caller's address in the submissionRefundAddress a...