MorpheusAI

Foundry
22,500 USDC
Submission Details
Severity: high
Invalid

Lack of address check in GatewayRouterMock::outboundTransfer could lead to tokens being stuck forever

Summary

GatewayRouterMock::outboundTransfer lacks an address check, which could lead to tokens being stuck forever if address(this) is used as the _to parameter, because there is no way to transfer tokens out of this contract.

Vulnerability Details

If address(this), i.e. address(GatewayRouterMock), is used as the _to parameter, there is no way to transfer tokens out of this contract.

    contract GatewayRouterMock {
        function outboundTransfer(
            address _token,
            address _to,
            uint256 _amount,
            uint256 _maxGas,
            uint256 _gasPriceBid,
            bytes calldata _data
        ) external payable returns (bytes memory) {
            IERC20(_token).transferFrom(msg.sender, _to, _amount); // TOKENS ARE TRANSFERRED TO THIS
            return abi.encode(_token, _to, _amount, _maxGas, _gasPriceBid, _data);
        }
    }

But there is no way to transfer them out.

Impact

Tokens stuck in contract

Tools Used

Manual review

Recommendations

Implement a check to prevent sending tokens to this contract:

    contract GatewayRouterMock {
        function outboundTransfer(
            address _token,
            address _to,
            uint256 _amount,
            uint256 _maxGas,
            uint256 _gasPriceBid,
            bytes calldata _data
        ) external payable returns (bytes memory) {
            require(_to != address(this), " invalid _to");
            IERC20(_token).transferFrom(msg.sender, _to, _amount); // TOKENS ARE TRANSFERRED TO THIS
            return abi.encode(_token, _to, _amount, _maxGas, _gasPriceBid, _data);
        }
    }
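
The behaviour the submission describes, next to the effect of the recommended check, as an added Foundry test that is not part of the original submission or of the MorpheusAI code base. MiniToken, GuardedRouter, the `guard` toggle and the test names are hypothetical, the router signature is shortened to the three parameters that matter here, and forge-std is assumed to be installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Hypothetical minimal token, constructed for this example: only what the router calls.
contract MiniToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function approve(address spender, uint256 amount) external { allowance[msg.sender][spender] = amount; }
    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        allowance[from][msg.sender] -= amount; // checked arithmetic reverts on underflow
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical stand-in for the mock; `guard` switches the recommended require on or off.
contract GuardedRouter {
    bool public immutable guard;
    constructor(bool guard_) { guard = guard_; }
    function outboundTransfer(address _token, address _to, uint256 _amount) external returns (bytes memory) {
        if (guard) require(_to != address(this), " invalid _to"); // same string as the recommendation
        MiniToken(_token).transferFrom(msg.sender, _to, _amount);
        return abi.encode(_token, _to, _amount);
    }
}

contract OutboundTransferSelfTest is Test {
    MiniToken token = new MiniToken();

    function _setup(bool guard) internal returns (GuardedRouter r) {
        r = new GuardedRouter(guard);
        token.mint(address(this), 100);
        token.approve(address(r), 100);
    }
    function test_unguarded_selfTransferLeavesBalanceOnRouter() public {
        GuardedRouter router = _setup(false);
        router.outboundTransfer(address(token), address(router), 100);
        assertEq(token.balanceOf(address(router)), 100); // router exposes no function to move it
        assertEq(token.balanceOf(address(this)), 0);
    }
    function test_guarded_selfTransferReverts() public {
        GuardedRouter router = _setup(true);
        vm.expectRevert(bytes(" invalid _to"));
        router.outboundTransfer(address(token), address(router), 100);
        assertEq(token.balanceOf(address(this)), 100); // caller keeps the tokens
    }
}
```

Run with `forge test` inside a Foundry project.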

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
