The tillIn function in the TokenManager contract has been analyzed for potential vulnerabilities and risks. The primary concerns involve sending ETH to potentially arbitrary addresses and the interaction with the wrapped native token contract. Using Slither for static analysis and enhanced fuzz testing, specific issues and risks were identified and recommendations provided.
The tillIn function sends ETH to a potentially arbitrary address depending on the contract's logic flow. Specifically, when _tokenAddress matches the wrapped native token address, the function wraps the provided ETH and transfers it to a capital pool address. Risks arise from:
Arbitrary Address Transfers: Sending ETH to addresses controlled by the contract's logic, which may not always be guaranteed safe.
Contract Interaction Risk: The interaction with the deposit function of the IWrappedNativeToken contract can be dangerous if not carefully managed.
Code snippet: src/core/TokenManager.sol#89
The primary impacts include:
Loss of Funds: Unauthorized addresses calling the function could potentially cause ETH to be transferred to unintended addresses, leading to loss of funds.
Contract Logic Flaws: Any bugs or vulnerabilities in the related wrapped native token contract (i.e., in its deposit function) could be exploited, further leading to loss or unintended behavior.
Manual review
To mitigate the identified risks, consider the following recommendations:
Validate Capital Pool Address: Ensure the capitalPoolAddr is neither a zero address nor the address of the contract.
Enhanced Function Modifiers: Revisit and ensure onlyInTokenWhiteList and onlyRelatedContracts modifiers are robustly implemented to restrict unauthorized access.
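The capital pool validation recommended above, as an added Solidity sketch that is not the TokenManager source or the submitter's own snippet. The contract name, function name, custom errors and the locally declared interface are assumptions for illustration, and the onlyInTokenWhiteList and onlyRelatedContracts modifiers named in the finding are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Assumed minimal interface: the finding only names deposit(); transfer() is
// the standard ERC-20 call a wrapped native token exposes.
interface IWrappedNativeToken {
    function deposit() external payable;
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Illustrative sketch only (hypothetical contract, not the audited code).
contract WrapAndForwardSketch {
    IWrappedNativeToken public immutable wrappedNativeToken; // assumed storage
    address public immutable capitalPoolAddr;                // assumed storage

    error InvalidCapitalPool(address pool);
    error TransferFailed();

    constructor(IWrappedNativeToken _wrapped, address _capitalPoolAddr) {
        // Reject a misconfigured pool at deployment time.
        _checkPool(_capitalPoolAddr);
        wrappedNativeToken = _wrapped;
        capitalPoolAddr = _capitalPoolAddr;
    }

    /// The recommended check: neither the zero address nor this contract.
    function _checkPool(address pool) internal view {
        if (pool == address(0) || pool == address(this)) {
            revert InvalidCapitalPool(pool);
        }
    }

    /// Wraps the ETH sent with the call and forwards it to the capital pool.
    /// In the real contract this path sits behind access-control modifiers.
    function wrapAndForward() external payable {
        address pool = capitalPoolAddr;
        _checkPool(pool); // re-checked before any value leaves the contract

        // Wrap first, then move the wrapped balance to the validated pool.
        wrappedNativeToken.deposit{value: msg.value}();
        if (!wrappedNativeToken.transfer(pool, msg.value)) {
            revert TransferFailed();
        }
    }
}
```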