The depositTokensToL2 function does not validate the recipient address, so a user can mistakenly designate the token contract address as the recipient and risk losing funds.
The depositTokensToL2 function allows token transfers to any designated address without validating whether the recipient address is the token contract itself. This lack of validation exposes the system to the risk of unintended transfers to addresses that may mishandle or not support incoming token transfers.
The absence of recipient address validation can lead to misdirected transactions and the loss of funds. Users may mistakenly send tokens to the token contract, where they cannot be retrieved or handled, causing financial loss.
Found by manual inspection.
Add a validation check to the depositTokensToL2 function that disallows the token contract address as a recipient. This reduces the risk of accidental fund loss from misdirected transactions and improves the security and usability of the system.
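The recommended check next to the unchecked form, as an added Solidity sketch that is not the audited project's code. Only the name depositTokensToL2 comes from the finding; the contract name, the vault address, the two-argument signature, and the error and event names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited contract. All names except
// depositTokensToL2 are hypothetical.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract BridgeDepositSketch {
    IERC20 public immutable token;  // the bridged token
    address public immutable vault; // where deposits are locked (assumed design)

    error InvalidRecipient(address recipient);
    error TransferFailed();

    event Deposit(address indexed from, address indexed recipient, uint256 amount);

    constructor(IERC20 _token, address _vault) {
        token = _token;
        vault = _vault;
    }

    // Before: any recipient is accepted, including the token contract itself.
    function depositTokensToL2Unchecked(address recipient, uint256 amount) external {
        _lockAndEmit(recipient, amount);
    }

    // After: the check the finding recommends runs before any tokens move,
    // so a rejected deposit reverts without side effects.
    function depositTokensToL2(address recipient, uint256 amount) external {
        if (recipient == address(token)) revert InvalidRecipient(recipient);
        _lockAndEmit(recipient, amount);
    }

    // Locks the caller's tokens and emits the event a relayer would act on.
    function _lockAndEmit(address recipient, uint256 amount) private {
        if (!token.transferFrom(msg.sender, vault, amount)) revert TransferFailed();
        emit Deposit(msg.sender, recipient, amount);
    }
}
```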