TempleGold
TempleDAO
Foundry
25,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Fee Validation Issue in `send` Function of `TempleGold` Contract

0xbeastboy

Summary

The send function in the TempleGold contract lacks sufficient validation for the fees specified in the _fee parameter. This oversight can lead to potential vulnerabilities or disruptions in cross-chain token transfers due to unreasonable fees or insufficient user funds.

Vulnerability Details

The send function facilitates cross-chain transfers of Temple Gold tokens (TGLD) and interacts with the LayerZero endpoint. However, it fails to adequately validate the following aspects related to fees within the _fee parameter.

The function does not verify whether the fees specified in _fee are reasonable or within expected ranges. This can lead to users inadvertently specifying excessively high or invalid fees, affecting transaction viability or user experience.

There is no validation to ensure that the user initiating the transfer has sufficient funds to cover the fees specified in _fee. This oversight can result in transaction failures or incomplete transfers if users do not provide adequate funds upfront.

See the following code:

function send(
SendParam calldata _sendParam,
MessagingFee calldata _fee,
address _refundAddress
) external payable virtual override(IOFT, OFTCore) returns (MessagingReceipt memory msgReceipt, OFTReceipt memory oftReceipt) {
if (_sendParam.composeMsg.length > 0) { revert CannotCompose(); }
/// cast bytes32 to address
address _to = _sendParam.to.bytes32ToAddress();
/// @dev user can cross-chain transfer to self
if (msg.sender != _to) { revert ITempleGold.NonTransferrable(msg.sender, _to); }
// @dev Applies the token transfers regarding this send() operation.
// - amountSentLD is the amount in local decimals that was ACTUALLY sent/debited from the sender.
// - amountReceivedLD is the amount in local decimals that will be received/credited to the recipient on the remote OFT instance.
(uint256 amountSentLD, uint256 amountReceivedLD) = _debit(
msg.sender,
_sendParam.amountLD,
_sendParam.minAmountLD,
_sendParam.dstEid
);
// @dev Builds the options and OFT message to quote in the endpoint.
(bytes memory message, bytes memory options) = _buildMsgAndOptions(_sendParam, amountReceivedLD);
// @dev Sends the message to the LayerZero endpoint and returns the LayerZero msg receipt.
msgReceipt = _lzSend(_sendParam.dstEid, message, options, _fee, _refundAddress);
// @dev Formulate the OFT receipt.
oftReceipt = OFTReceipt(amountSentLD, amountReceivedLD);
emit OFTSent(msgReceipt.guid, _sendParam.dstEid, msg.sender, amountSentLD, amountReceivedLD);
}

Impact

Specifying unreasonable fees can lead to transaction rejections or failures, disrupting cross-chain transfer operations. Inadequate fee validation may result in unexpected costs for users, affecting trust and usability of the contract. Exploitation of fee validation gaps could potentially be leveraged by malicious actors to manipulate transaction outcomes or disrupt contract operations.

Tools Used

Manual Review

Recommendations

Validate that the user initiating the transfer has sufficient token balances to cover the fees specified in _fee. This can prevent transaction failures due to insufficient funds.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Fee validation issue in send

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.