TempleGold
TempleDAO
Foundry
25,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Incorrect implementation of _debit in function send

kwakudr

Summary

Incorrect implementation of _debit in function send

Vulnerability Details

As can be seen in the layerzero docs, there is no msg.sender in _debit. there is no need to add msg.sender. This will lead to error in the code execution.

-debit from the implementation should take 3 arguments but the code below takes 4. msg.sender should not be a part of the arguments or params. The code will not execute as intended. This is an error.

(uint256 amountSentLD, uint256 amountReceivedLD) = _debit(
msg.sender,
_sendParam.amountLD,
_sendParam.minAmountLD,
_sendParam.dstEid
);

https://github.com/Cyfrin/2024-07-templegold/blob/57a3e597e9199f9e9e0c26aab2123332eb19cc28/protocol/contracts/templegold/TempleGold.sol#L295C9-L300C11

https://docs.layerzero.network/v2/developers/evm/oft/quickstart#adding-send-logic

Impact

Incorrect implementation leads to unintended consequences or error in execution.

Tools Used

Manual Review

Recommendations

(uint256 amountSentLD, uint256 amountReceivedLD) = _debit(
_sendParam.amountLD,
_sendParam.minAmountLD,
_sendParam.dstEid
);
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

send calls _debit with 4 parameters instead of 3

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.