Summary

The teleport function send 64 bytes but only decodes 52 bytes which can lead to chopping of some data in the amount sent and cause users to mint less than they burned when bridging through the TempleTeleport contract, due to misalignment of encoding and decoding.

Vulnerability Details

In the function teleport at https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/TempleTeleporter.sol#L43 , payload is encoded to bytes32 to force padding of 20 bytes address payload to 32 bytes as seen here https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/TempleTeleporter.sol#L52

In the _lzReceive function at https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/TempleTeleporter.sol#L99 , the decoding decodes with (address, uint256), mind you 64 bytes was encoded at teleport, but 52 bytes are decoded at _lzReceive.

This means that the first 20 bytes is decoded as address, in _lzReceive, and then the next 32 bytes is decoded as amount, this could result in chopping off amounts for large amount of tokens teleported through layerzero bridge.

The likelihood of this happening is low as it would require large amount of tokens to notice this,
The impact of this is high as users would lose some funds on bridging

Impact

The impact of this is high as users would lose some funds on bridging

Tools Used

Manual Review

Recommendations

• update the https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/TempleTeleporter.sol#L107 to