When calling the approveTo()
function inside the L1Bossbridge contract's constructor the approval amount is passed as type(uint256).max which when passed to token.approve statement inside the function will revert since the vault doesn't have that balance to approve the bridge contract.
valut.approveTo statement will trigger the approveTo()
function inside the L1vault contract which has token.transfer(target, amount) statement inside it will revert since the vault has not have that max balance.
The L1Bossbridge contract will not have the approval to move the tokens from the vault.
Manual review
needs to approve only the balance amount of vault.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.