TempleGold::send allows only msg.sender to be passed as the cross-chain recipient. This will result in lost or stolen tokens if the call is made by a smart contract, an old Gnosis wallet that was not deployed at a deterministic address, or an account abstraction wallet, because the address on the destination chain is different.
The send function has a check that prevents Temple token holders from passing a to address other than msg.sender, on the assumption that the front end will not even offer the possibility of giving a recipient address. This will result in lost tokens, in a fashion similar to Wintermute: https://rekt.news/wintermute-rekt
We are sure that this is the recipient on the destination chain by simply looking at the NatSpec of the SendParam struct: https://github.com/LayerZero-Labs/LayerZero-v2/blob/7aebbd7c79b2dc818f7bb054aed2405ca076b9d6/packages/layerzero-v2/evm/oapp/contracts/oft/interfaces/IOFT.sol#L12
Loss of bridged assets, due to always using msg.sender as a recipient of the cross-chain token send.
Manual Review
Consider allowing users to pass their own recipient. No security implications, such as blocked paths or reentrancies, were observed.