TempleGold

TempleDAO

Foundry

25,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Lack of `msg.value` estimation for cross-chain transfers

topstar

https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/TempleTeleporter.sol#L43-L58

Summary

The TempleTeleporter contract allows for cross-chain transfer of Temple tokens. The teleport function is not making any fee estimation for cross-chain transfers, potentially causing burned / not send tokens.

Vulnerability Details

Lack of estimation of required gas fees for cross-chain transactions. msg.value is used directly without estimating the necessary fees using the quote function.

Description:

The quote function should be used to calculate the required gas fees before executing the transaction to ensure that msg.value is sufficient.

Impact

If the gas fees are not correctly estimated, transactions may fail due to insufficient funds, leading to potential loss of funds or tokens being burned / locked in the contract without successful transfer.

Tools Used

Manual code review

Recommendations

Estimate Fees: Integrate the quote function to estimate the required fees for the transaction.
Validate msg.value: Ensure that msg.value is sufficient to cover the estimated fees before proceeding with the transaction.

function teleport(

uint32 dstEid,

address to,

uint256 amount,

bytes calldata options

) external payable override returns (MessagingReceipt memory receipt) {

if (amount == 0) { revert CommonEventsAndErrors.ExpectedNonZero(); }

if (to == address(0)) { revert CommonEventsAndErrors.InvalidAddress(); }

bytes memory _payload = abi.encodePacked(to.addressToBytes32(), amount);

+ MessagingFee memory estimatedFee = quote(dstEid, _payload, options);

+ require(msg.value >= estimatedFee.nativeFee, "Insufficient msg.value for fees");

temple.burnFrom(msg.sender, amount);

emit TempleTeleported(dstEid, msg.sender, to, amount);

receipt = _lzSend(dstEid, _payload, options, MessagingFee(msg.value, 0), payable(msg.sender));

}

Updates

Lead Judging Commences

inallhonesty Lead Judge

over 1 year ago

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

25,000 USDC

nSLOC

998

25 USDC / LOC

High Medium

20,000 USDC

Low

2,500 USDC

Judges

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.