TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: low
Valid

`TempleTeleporter.quote()` returns wrong value

Summary

`TempleTeleporter.quote()` returns a smaller fee than the one the teleport actually requires.

Vulnerability Details

A teleport message is a 64-byte sequence where the first 32 bytes are the sender's address and the second 32 bytes is the amount to be teleported.

`quote()`, however, asks the Endpoint for a fee on a payload that encodes the address as only 20 bytes:

return _quote(_dstEid, abi.encodePacked(_to, _amount), _options, false);

`abi.encodePacked(address, uint256)` produces a 52-byte message instead of the 64-byte one the teleport sends, so the fee returned is lower than the fee the actual message will be charged.
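The size mismatch reproduced in Python, added here as an illustration (this is not code from the report or from the TempleGold repository); `address_to_bytes32` is assumed to be plain left-padding, and `SAMPLE_TO` / `SAMPLE_AMOUNT` are constructed values:

```python
# Added example; not from the report or the TempleGold codebase.
# Reproduces the byte layouts of abi.encodePacked vs abi.encode for
# (address, uint256) and parses the 64-byte teleport message format.

def _addr_bytes(to: str) -> bytes:
    """Hex address string -> 20 raw bytes (length is checked)."""
    raw = bytes.fromhex(to[2:] if to.startswith("0x") else to)
    if len(raw) != 20:
        raise ValueError("address must be 20 bytes")
    return raw

def address_to_bytes32(to: str) -> bytes:
    """Left-pad a 20-byte address to a 32-byte word (assumed addressToBytes32 semantics)."""
    return _addr_bytes(to).rjust(32, b"\x00")

def encode_packed(to: str, amount: int) -> bytes:
    """abi.encodePacked(address, uint256): 20 + 32 bytes, no padding (the buggy quote path)."""
    return _addr_bytes(to) + amount.to_bytes(32, "big")

def encode_packed_bytes32(to: str, amount: int) -> bytes:
    """abi.encodePacked(bytes32, uint256): 32 + 32 bytes (fix noted in the judging tag)."""
    return address_to_bytes32(to) + amount.to_bytes(32, "big")

def abi_encode(to: str, amount: int) -> bytes:
    """abi.encode(address, uint256): every static argument padded to a 32-byte word (report's fix)."""
    return address_to_bytes32(to) + amount.to_bytes(32, "big")

def parse_teleport_message(msg: bytes) -> tuple[str, int]:
    """Decode sender (word 0) and amount (word 1); reject anything that is not 64 bytes."""
    if len(msg) != 64:
        raise ValueError(f"teleport message must be 64 bytes, got {len(msg)}")
    if any(msg[:12]):
        raise ValueError("sender word has non-zero padding")
    return "0x" + msg[12:32].hex(), int.from_bytes(msg[32:], "big")

SAMPLE_TO = "0x" + "ab" * 20   # constructed recipient address
SAMPLE_AMOUNT = 5 * 10**18     # constructed amount

if __name__ == "__main__":
    for name, fn in (("encodePacked(address,uint256)", encode_packed),
                     ("encodePacked(bytes32,uint256)", encode_packed_bytes32),
                     ("encode(address,uint256)", abi_encode)):
        print(f"{name}: {len(fn(SAMPLE_TO, SAMPLE_AMOUNT))} bytes")
    print(parse_teleport_message(abi_encode(SAMPLE_TO, SAMPLE_AMOUNT)))
```

Both fixes yield byte-identical 64-byte payloads, while the packed-address version is rejected by the parser as 52 bytes.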

Impact

Users who rely on this quote will attach less than the fee actually required, and their tokens will not be teleported.

Tools Used

Manual Review

Recommendations

Use `abi.encode`, which pads the address to a full 32-byte word and produces the 64-byte payload the teleport actually sends:

- return _quote(_dstEid, abi.encodePacked(_to, _amount), _options, false);
+ return _quote(_dstEid, abi.encode(_to, _amount), _options, false);_
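Review bot: the `+` line ends with a stray `_` after the semicolon, which is not valid Solidity and should be dropped from the suggested line. With that removed, `abi.encode(_to, _amount)` pads the address to a 32-byte word and yields the 64-byte payload described in the finding, the same size as the `abi.encodePacked(_to.addressToBytes32(), _amount)` form mentioned in the judging tag, so either form makes the quoted fee match the message that is really sent.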
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect payload bytes in `quote()`: they use `abi.encodePacked(_to, _amount)` instead of `abi.encodePacked(_to.addressToBytes32(), _amount)`.
