Submission Details
Severity:
WrappedTokenBridge:getFee Return Fixed values
Summary
getFee() It will alway return one value because it hardcode 1000 ether value to calculate , but basically it return , fee based on amount we want to transfer.
Vulnerability Details
Wrong Fee , If you see in other function when we calculate the fee it, calculated based on the amount you want to transfer, not Fixed amount.
function _transferTokens(
uint64 _destinationChainSelector,
address _sender,
address _receiver,
uint256 _amount,
bool _payNative,
uint256 _maxLINKFee
) internal returns (bytes32 messageId) {
.....
Client.EVM2AnyMessage memory evm2AnyMessage = _buildCCIPMessage(
_receiver,
amountToTransfer,
_payNative ? address(0) : address(linkToken)
);
IRouterClient router = IRouterClient(this.getRouter());
uint256 fees = router.getFee(_destinationChainSelector, evm2AnyMessage);
.....
}
Impact
User alway get one fee , No matter want amount he/ she want o transfer.
Tools Used
Manual Review
Recommendations
update the code and one more parameter which all user to give the transferAmount the get Fee on it.
Prize pool breakdown
Total prize
27,500 USDC
nSLOC
1,41419 USDC / LOC
25,000 USDC
2,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.