TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: high
Invalid

Users who bridge temple to participate in staking will lose tokens due to incorrect mint function call.

Summary

TempleTeleporter uses mint, which will not work on Arbitrum.

Vulnerability Details

Stakers need TEMPLE tokens, and since the Staking contract is deployed on Arbitrum, TEMPLE holders need to use TELEPORT to bridge TEMPLE tokens to Arbitrum first.

And when TempleTeleporter receives the message, it calls

```solidity
function _lzReceive(
    Origin calldata /*_origin*/,
    bytes32 /*_guid*/,
    bytes calldata _payload,
    address /*_executor,*/,
    bytes calldata /*_extraData */
) internal override {
    (address _recipient, uint256 _amount) = abi.decode(_payload, (address, uint256));
    temple.mint(_recipient, _amount);
}
```

It uses temple.mint(), but the TEMPLE token on Arbitrum uses bridgeMint().

```solidity
function bridgeMint(address account, uint256 amount) external virtual override onlyGateway {
    _mint(account, amount);
}
```

See here for the address from the docs.

Impact

Users will burn TEMPLE tokens on mainnet but will not mint on Arbitrum.

Tools Used

manual

Recommendations

Use bridgeMint() instead of mint().

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

The TEMPLE contract on Arbi doesn't have a public/external `mint` function

Appeal created

adriro Auditor
about 1 year ago
pyro Auditor
about 1 year ago
inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
