TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: high
Valid

Temple Gold tokens will be lost if the user uses an account abstraction wallet

Summary

Users with account abstraction wallets have a different address on each chain for the same account. If such a user bridges the asset, it is moved to the wrong address and permanently lost.

Vulnerability Details

if (msg.sender != _to) { revert ITempleGold.NonTransferrable(msg.sender, _to); }

In TempleGold::send(), the user must pass a _to parameter equal to msg.sender; that is, msg.sender and _to must be the same address, otherwise the function reverts.

As explained above, if the user uses an account abstraction wallet, the address on the destination chain differs from the address on the origin chain, so the user loses the Temple Gold tokens they sent.

Impact

The user will lose the Temple Gold tokens sent using the send() function.

Tools Used

Manual Review

Recommended Mitigation

Warn account abstraction wallet holders not to send Temple Gold tokens with the send() function.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Account abstraction, Multisig, Any other contract based solution that doesn't share the same address across chains will lose its TGLD in teleport.
