Cross-chain TempleGold transfers do not work for users with account abstraction wallets
Summary
TempleGold token cross-chain transfers only allow transferring them to the same address on various chains.
if (msg.sender != _to) { revert ITempleGold.NonTransferrable(msg.sender, _to); }
Since account abstraction wallets do not have the same address on different chains, they are disallowed from using this feature - which is possibly an unexpected bug.
Vulnerability Details
As written in summary, the vulnerability stems from the fact TempleGold tokens can not be cross-chained by users who use account abstraction. Account abstraction wallets do not necessarily have the same address on different chains.
Impact
Big part of the community and users are cut off from the protocol.
Tools Used
Manual review
Recommendations
We detect that the only reason for this limitation is for users to not be able to transfer TempleGold tokens between various wallets. But as described in impact - it introduces limitations for a GREAT number of users.
Introduce mechanism for account abstraction wallets to be able to correctly bridge TempleGold tokens on different chains.
Lead Judging Commences
Account abstraction, Multisig, Any other contract based solution that doesn't share the same address across chains will lose it's TGLD in teleport.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.