TempleGold

TempleDAO
Foundry
25,000 USDC
View results
Submission Details
Severity: high
Invalid

Missing Approval of OFTAdapter as Spender for ERC20 Token

Summary

The TempleGold contract integrates with the LayerZero protocol to facilitate cross-chain transfers of the Temple Gold token. It inherits functionality from the OFT (Omnichain Fungible Token) standard provided by LayerZero. One key aspect is ensuring that the contract can send and receive tokens cross-chain, which involves setting appropriate approvals for the OFTAdapter.

Vulnerability Details

In the context of cross-chain transfers, the OFTAdapter contract needs to be approved as a spender of the corresponding ERC20 token. This approval is necessary for the OFTAdapter to send and receive tokens on behalf of the ERC20 contract. Failure to correctly set this approval can result in failed transactions and inability to perform cross-chain operations.

Here's the reference of the details from LayerZero integration checklists -

Make sure that you approve the OFTAdapter as a spender for the corresponding ERC20 token you plan to convert into an OFT, which will allow the OFTAdapter contract to send/receive tokens cross-chain on behalf of the ERC20.

Impact

If the OFTAdapter is not approved, any attempt to transfer tokens cross-chain will fail. Users may face disruptions in the functionality of the contract.

Tools Used

Manual Review

Recommendations

Ensure that the OFTAdapter is approved as a spender for the corresponding ERC20 token immediately after deploying the TempleGold contract. This can be done in the constructor or in an initialization function.

It can take of the following form -

function approveOFTAdapter(address OFTAdapter, uint256 amount) external onlyOwner {
IERC20(ERC20Token).approve(OFTAdapter, amount);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.