Users with account abstraction wallets have different addresses on different chains for the same account. If a user with an account abstraction wallet sends Temple Gold tokens to his own account on a different chain, the call will always revert due to the contract logic. And if he passes the same address instead, the call will not revert, but the tokens will be sent to another user, because on the destination chain that address (the one the current user has on the main chain) belongs to someone else.
With 5.7 million users and 79 billion assets, there is a very high risk that users will be using an account abstraction wallet while sending Temple Gold tokens to another address.
Now, looking at the codebase, TempleGold.sol contains the function send:
    function send(
        SendParam calldata _sendParam,
        MessagingFee calldata _fee,
        address _refundAddress
    ) external payable virtual override(IOFT, OFTCore) returns (MessagingReceipt memory msgReceipt, OFTReceipt memory oftReceipt) {
        if (_sendParam.composeMsg.length > 0) { revert CannotCompose(); }
        /// cast bytes32 to address
        address _to = _sendParam.to.bytes32ToAddress();
        /// @dev user can cross-chain transfer to self
        if (msg.sender != _to) { revert ITempleGold.NonTransferrable(msg.sender, _to); }
        .
        .
        .
    }
When sending, a user who knows that his address on the other chain differs from his address on the current chain will set the to address in _sendParam to his account on the other chain. The call will then always revert, because of this check:
    if (msg.sender != _to) { revert ITempleGold.NonTransferrable(msg.sender, _to); }
Now consider the scenario where the user does not know this and passes his current-chain account address in the parameter. The call will not revert, but the Temple Gold tokens will be transferred to an address that is not his own, and he will lose those tokens.
LOC
https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/TempleGold.sol#L281C1-L311C6
If the user is using an account abstraction wallet, one of two scenarios will happen: either he will not be able to send tokens to his account address on the destination chain, or, if he does not have proper knowledge of account abstraction, he will lose Temple Gold tokens because they will be transferred to another user.
Manual Review
Initial thoughts: do not include that if condition, as it is not necessary for msg.sender to equal the to address. A frontend notification can also be added telling users of account abstraction wallets to enter the parameters carefully.
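One way the frontend notification could be decided, as an added example that is not code from the TempleGold project. The function name preflightSelfSend, its status values and the sample addresses are assumptions; codeOnSource and codeOnDestination are assumed to be the eth_getCode results for the sender address on each chain.

```javascript
// Added example: pre-flight check a frontend could run before calling send().
// All addresses and code values below are constructed sample data.

// Mirrors bytes32ToAddress: the address is the low 20 bytes of the bytes32.
function bytes32ToAddress(b32) {
  const hex = b32.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{64}$/.test(hex)) throw new Error("expected a 32-byte hex value");
  return "0x" + hex.slice(24);
}

// eth_getCode returns "0x" for an account that has no contract code.
const hasCode = (code) => code.replace(/^0x/i, "").length > 0;

function preflightSelfSend({ sender, toBytes32, codeOnSource, codeOnDestination }) {
  const to = bytes32ToAddress(toBytes32);
  // Same condition as: if (msg.sender != _to) revert NonTransferrable(...)
  if (to !== sender.toLowerCase()) {
    return { status: "revert", reason: "recipient differs from msg.sender" };
  }
  // An EOA is controlled by the same key on every EVM chain.
  if (!hasCode(codeOnSource)) {
    return { status: "ok", reason: "sender is an externally owned account" };
  }
  // Contract wallet: nothing is deployed at this address on the destination.
  if (!hasCode(codeOnDestination)) {
    return { status: "block", reason: "no wallet contract at this address on the destination chain" };
  }
  // Code exists, but that alone does not prove the same user controls it.
  return { status: "confirm", reason: "user must confirm control of the destination address" };
}

// Constructed sample inputs.
const SENDER = "0x" + "ab".repeat(20);
const SELF_B32 = "0x" + "00".repeat(12) + "ab".repeat(20);
const OTHER_B32 = "0x" + "00".repeat(12) + "cd".repeat(20);

const results = [
  preflightSelfSend({ sender: SENDER, toBytes32: OTHER_B32, codeOnSource: "0x6080", codeOnDestination: "0x6080" }),
  preflightSelfSend({ sender: SENDER, toBytes32: SELF_B32, codeOnSource: "0x", codeOnDestination: "0x" }),
  preflightSelfSend({ sender: SENDER, toBytes32: SELF_B32, codeOnSource: "0x6080", codeOnDestination: "0x" }),
  preflightSelfSend({ sender: SENDER, toBytes32: SELF_B32, codeOnSource: "0x6080", codeOnDestination: "0x6080" }),
];
console.log(results.map((r) => r.status).join(", "));
```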