users using the account abstraction wallet will not be able to cross-chain transfer
Summary
users using the account abstraction wallet will not be able to cross-chain transfer
Context:
TempleGold.sol#L286
Vulnerability Details
It is intended that the TempleGold.sol::send() function prevents users from sending to another address cross-chain aside themselves, which was implemented with the check:
However, this check prevents users using the account abstraction wallet from cross-chain transferring at all including to themselves. This is because users with account abstraction wallets have different addresses across different chains for the same account.
Impact
users using the account abstraction wallet will not be able to cross-chain transfer
Tools Used
Manual Review
Recommendations
Consider an implementation that adjusts for account abstraction users as well such as checking based on account not address
Lead Judging Commences
Account abstraction, Multisig, Any other contract based solution that doesn't share the same address across chains will lose it's TGLD in teleport.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.