TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: high
Valid

`TempleGold.sol` is Not Compatible with Smart Wallets

Summary

The TempleGold contract only allows a cross-chain transfer to the sender's own address, meaning the user must have the same address on the target chain. However, users of smart wallets or other smart contract-based wallets may have different account addresses on different chains.

Vulnerability Details

The Temple Gold token is minted exclusively on the Arbitrum chain. If you want to transfer it to another chain, you can do so via the LayerZero protocol. However, there is a restriction on cross-chain transfers: tokens can only be transferred to the same address on the target chain, as shown in the code below.

2024-07-templegold/protocol/contracts/templegold/TempleGold.sol:282

```solidity
function send(
    SendParam calldata _sendParam,
    MessagingFee calldata _fee,
    address _refundAddress
) external payable virtual override(IOFT, OFTCore) returns (MessagingReceipt memory msgReceipt, OFTReceipt memory oftReceipt) {
    if (_sendParam.composeMsg.length > 0) { revert CannotCompose(); }
    /// cast bytes32 to address
    address _to = _sendParam.to.bytes32ToAddress();
    /// @dev user can cross-chain transfer to self

    if (msg.sender != _to) { revert ITempleGold.NonTransferrable(msg.sender, _to); }

    // @dev Applies the token transfers regarding this send() operation.
```

Tokens will only be transferred if `msg.sender == _to`. If `msg.sender` is a smart wallet and the owner does not have the same smart wallet address on the target chain, the user will not be able to send TempleGold tokens.

Consider the following case:

  1. Bob places a DAI bid in DaiGoldAuction via his smart contract-based wallet at address 0x123.

  2. When the auction ends, Bob calls the claim function and receives 10e18 TempleGold tokens.

  3. Now Bob wants to transfer these assets to the Ethereum Mainnet.

  4. Bob calls the send function and tries to transfer TempleGold tokens to his other account 0x456 because the address 0x123 on Ethereum is not owned by him.

  5. The transaction will always revert, and Bob will not be able to transfer the TempleGold tokens to the Ethereum Mainnet.

Impact

TempleGold is not compatible with smart wallets, and users will not be able to transfer tokens cross-chain if the token owner does not have the same wallet address on the target chain.

Tools Used

Manual Review.

Recommendation

Either allow users to send tokens to any address, or do not impose the `msg.sender != _to` check if `msg.sender` is a smart wallet or smart contract.
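A minimal Foundry reproduction of Bob's scenario, added here as an illustration and not taken from the TempleGold code base or the original submission. `GuardModel` and `SmartWallet` are hypothetical stand-ins that model only the `msg.sender != _to` guard, once as quoted above and once with the second recommendation (contract callers exempt) applied; bridging itself is not modelled.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for TempleGold: models only the recipient guard in send().
contract GuardModel {
    error NonTransferrable(address from, address to);
    bool public immutable exemptContracts; // false = guard as quoted in the finding
    mapping(address => uint256) public balanceOf;
    constructor(bool exempt) { exemptContracts = exempt; }
    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function send(bytes32 to, uint256 amount) external {
        address _to = address(uint160(uint256(to)));
        // Second recommendation: skip the self-only check when the caller has code.
        bool skip = exemptContracts && msg.sender.code.length > 0;
        if (!skip && msg.sender != _to) revert NonTransferrable(msg.sender, _to);
        balanceOf[msg.sender] -= amount; // source-chain debit only
    }
}

// Hypothetical minimal smart wallet: Bob acts through the wallet's own address.
contract SmartWallet {
    address public immutable owner;
    constructor(address _owner) { owner = _owner; }
    function execute(address target, bytes calldata data) external {
        require(msg.sender == owner, "not owner");
        (bool ok, bytes memory ret) = target.call(data);
        if (!ok) { assembly { revert(add(ret, 0x20), mload(ret)) } } // bubble up the error
    }
}

contract SmartWalletSendTest is Test {
    address bob = makeAddr("bob");
    address bobMainnet = makeAddr("bobMainnet"); // plays the role of 0x456
    SmartWallet wallet = new SmartWallet(bob);   // plays the role of 0x123
    uint256 constant AMOUNT = 10e18;
    function _sendFromWallet(GuardModel token, bool blocked) internal {
        token.mint(address(wallet), AMOUNT);
        bytes memory data = abi.encodeCall(GuardModel.send, (bytes32(uint256(uint160(bobMainnet))), AMOUNT));
        if (blocked) vm.expectRevert(abi.encodeWithSelector(GuardModel.NonTransferrable.selector, address(wallet), bobMainnet));
        vm.prank(bob);
        wallet.execute(address(token), data);
    }
    function test_guardAsQuotedBlocksSmartWallet() public { _sendFromWallet(new GuardModel(false), true); }
    function test_contractExemptionLetsWalletSend() public {
        GuardModel token = new GuardModel(true);
        _sendFromWallet(token, false);
        assertEq(token.balanceOf(address(wallet)), 0);
    }
}
```

Exempting every caller that has code also lets any wrapper contract send the token to an arbitrary address, and `code.length` is zero while a contract's constructor is running, so this variant relaxes the self-only rule for more than wallet users.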

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Account abstraction, Multisig, Any other contract-based solution that doesn't share the same address across chains will lose its TGLD in teleport.
