TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: high
Valid

Bridged TempleGold will be lost for Account Abstraction users

Description

The TempleGold::send function only lets users bridge their tokens to the same address on another chain: the decoded receiver (_to) must equal msg.sender. The problem is that users of account abstraction wallets may not control that address on the destination chain, because the same account can have different addresses across chains. For those users the tokens are bridged to an address they do not own and are lost forever.

function send(
@>  SendParam calldata _sendParam,
    MessagingFee calldata _fee,
    address _refundAddress
)
    external
    payable
    virtual
    override(IOFT, OFTCore)
    returns (MessagingReceipt memory msgReceipt, OFTReceipt memory oftReceipt)
{
    if (_sendParam.composeMsg.length > 0) {
        revert CannotCompose();
    }
    /// cast bytes32 to address
    address _to = _sendParam.to.bytes32ToAddress();
    /// @dev user can cross-chain transfer to self
@>  if (msg.sender != _to) {
        revert ITempleGold.NonTransferrable(msg.sender, _to);
    }
    ...
}

Risk

Likelihood: High

  • Many account abstraction users will be impacted.

This is highly likely because the website/dapp builds the send parameters itself, and there is no reason for it to ask the user for a receiver (_to), since the protocol does not allow transfers to any other address. The user is therefore never prompted to confirm that they control the same address on the destination chain.

Impact: High

  • Loss of funds

Recommended Mitigation

Warn users in the UX and ask them twice if they are sure they own the account on the other chain.

Alternatively, check if msg.sender is a smart contract and revert.
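The following is an added illustration of the second mitigation, written for this page and not taken from the TempleDAO code base. It isolates the two checks a send-style entry point would run before bridging (decode the bytes32 receiver, require it to equal msg.sender, and reject callers that carry bytecode) and exercises them with Foundry. The contract, error and function names (SelfBridgeGuard, ContractSenderNotAllowed, checkSelfBridge, WalletStub) are hypothetical; only the NonTransferrable error name comes from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Illustrative guard (not TempleDAO code). Names are hypothetical.
contract SelfBridgeGuard {
    error NonTransferrable(address from, address to);
    error ContractSenderNotAllowed(address sender);

    /// @dev Mirrors the checks a send-style entry point would run before
    ///      handing the transfer to the bridge. Returns the decoded receiver.
    function checkSelfBridge(bytes32 to) external view returns (address) {
        // bytes32 -> address, the same cast bytes32ToAddress() performs.
        address _to = address(uint160(uint256(to)));

        // Existing rule: a user may only bridge to their own address.
        if (msg.sender != _to) revert NonTransferrable(msg.sender, _to);

        // Mitigation from the finding: a caller with bytecode (AA wallet,
        // multisig, any contract wallet) may not own `_to` on the destination
        // chain, so refuse it here instead of sending the tokens into the void.
        // Caveat: code.length is 0 while a contract runs its own constructor,
        // so this check only catches already-deployed contract wallets.
        if (msg.sender.code.length != 0) revert ContractSenderNotAllowed(msg.sender);

        return _to;
    }
}

/// Stand-in for a contract-based wallet: it has bytecode and calls the guard.
contract WalletStub {
    function bridge(SelfBridgeGuard g) external view returns (address) {
        return g.checkSelfBridge(bytes32(uint256(uint160(address(this)))));
    }
}

contract SelfBridgeGuardTest is Test {
    SelfBridgeGuard guard;

    function setUp() public {
        guard = new SelfBridgeGuard();
    }

    /// An EOA bridging to its own address passes both checks.
    function testEoaCanBridgeToSelf() public {
        address eoa = makeAddr("eoa");
        vm.prank(eoa);
        assertEq(guard.checkSelfBridge(bytes32(uint256(uint160(eoa)))), eoa);
    }

    /// An EOA naming a different receiver is rejected, as before.
    function testEoaCannotBridgeToOther() public {
        address eoa = makeAddr("eoa");
        address other = makeAddr("other");
        vm.prank(eoa);
        vm.expectRevert(
            abi.encodeWithSelector(SelfBridgeGuard.NonTransferrable.selector, eoa, other)
        );
        guard.checkSelfBridge(bytes32(uint256(uint160(other))));
    }

    /// A contract wallet bridging "to itself" is now rejected rather than
    /// having its tokens sent to an address it may not control elsewhere.
    function testContractWalletIsRejected() public {
        WalletStub wallet = new WalletStub();
        vm.expectRevert(
            abi.encodeWithSelector(
                SelfBridgeGuard.ContractSenderNotAllowed.selector, address(wallet)
            )
        );
        wallet.bridge(guard);
    }
}
```

Run with `forge test` in a project that has forge-std installed. The trade-off is worth stating: the guard blocks every contract-based caller, including those that do deploy to the same address on both chains, so a deployment might instead pair it with the first mitigation (an explicit confirmation in the dapp) rather than rely on the code check alone.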

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Account abstraction, Multisig, Any other contract based solution that doesn't share the same address across chains will lose its TGLD in teleport.
