stake.link

DeFiHardhatBridge

27,500 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

`SDLPoolCCIPController` and `RESDLTokenBridge` depend on CCIP for cross-chain functionality.

emerald7017

Summary

The core protocol contracts like SDLPoolCCIPController and RESDLTokenBridge rely on CCIP for:

Sending/receiving reSDL NFTs between chains
Processing updates between primary and secondary pools

Vulnerability Details

This dependence leads to a central point of failure - if CCIP is disrupted, cross-chain interoperability will halt.

Some potential issues:

CCIP router contracts or infrastructure goes down
Chainlink nodes that process CCIP jobs are disrupted
Messaging failures if CCIP extraArgs or fees misconfigured

Impact

The SDLPoolCCIPControllerPrimary.sol#distributeRewards handling a cross-chain transfer

function distributeRewards() external onlyRewardsInitiator {

uint256 totalRESDL = ISDLPoolPrimary(sdlPool).effectiveBalanceOf(address(this));

address[] memory tokens = ISDLPoolPrimary(sdlPool).supportedTokens();

uint256 numDestinations = whitelistedChains.length;

ISDLPoolPrimary(sdlPool).withdrawRewards(tokens);

uint256[][] memory distributionAmounts = new uint256[][](numDestinations);

for (uint256 i = 0; i < numDestinations; ++i) {

distributionAmounts[i] = new uint256[](tokens.length);

}

for (uint256 i = 0; i < tokens.length; ++i) {

address token = tokens[i];

uint256 tokenBalance = IERC20(token).balanceOf(address(this));

address wrappedToken = wrappedRewardTokens[token];

if (wrappedToken != address(0)) {

IERC677(token).transferAndCall(wrappedToken, tokenBalance, "");

tokens[i] = wrappedToken;

tokenBalance = IERC20(wrappedToken).balanceOf(address(this));

}

uint256 totalDistributed;

for (uint256 j = 0; j < numDestinations; ++j) {

uint64 chainSelector = whitelistedChains[j];

uint256 rewards = j == numDestinations - 1

? tokenBalance - totalDistributed

: (tokenBalance * reSDLSupplyByChain[chainSelector]) / totalRESDL;

distributionAmounts[j][i] = rewards;

totalDistributed += rewards;

}

for (uint256 i = 0; i < numDestinations; ++i) {

_distributeRewards(whitelistedChains[i], tokens, distributionAmounts[i]);

}

As you can see, the contract builds a CCIP message to transfer the reSDL NFT and then relies on ccipSend to actually send it across chains.

Any issues with the router contract, CCIP infrastructure, or Chainlink nodes would cause this transfer to fail - halting cross-chain interoperability.

Tools Used

Manual Review

Recommendations

Diversifying the integration and limiting the reliance on specific CCIP components would help make the system more resilient.

Build a decentralized network of CCIP routers
Implement redundancy across multiple Chainlink nodes
Abstract CCIP integration to limit impact radius

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

27,500 USDC

nSLOC

1,414

19 USDC / LOC

High Medium

25,000 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.