Liquid Staking
Stakelink
DeFiHardhatOracle
50,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

contracts/core/ccip/RESDLTokenBridge.sol

kp8877

The smart contract code demonstrates good practices by following modular programming principles and error handling, but let’s dive into potential vulnerabilities or areas of improvement:

1. Reentrancy Risks

Though it uses SafeERC20 to safely interact with ERC20 tokens, the following part of the transferRESDL function may introduce reentrancy risks:

(bool success, ) = msg.sender.call{value: msg.value - fees}("");
if (!success) revert TransferFailed();

  • Issue: If the recipient is a smart contract, this external call can trigger malicious behavior through reentrancy attacks.

  • Mitigation: Use Checks-Effects-Interactions pattern or consider reentrancy guards to prevent potential exploits.

2. Insufficient Authorization Control (msg.sender)

The contract checks if the msg.sender is the owner of a specific token, but ownership checks alone might be insufficient. An attacker could call this function indirectly from other smart contracts, exposing the function to spoofing risks.

  • Recommendation: Use tx.origin checks cautiously if it's relevant, or Access Control patterns (like OpenZeppelin’s Ownable or Roles) to ensure only the expected entities can call the function.

3. Missing receive() and fallback() Functions

Since the contract supports receiving native tokens (msg.value), but there is no receive() or fallback() function defined.

  • Impact: If someone mistakenly sends Ether to the contract without calling the transferRESDL() function, it will be irrecoverably locked.

  • Solution:

receive() external payable {}
fallback() external payable {}

4. Fee Management Risks

The function allows users to overpay fees when using native tokens (msg.value). However, there is no refund threshold or gas check mechanism.

  • Risk: If fees are highly dynamic, there could be a situation where overpayment might occur, causing frustration or financial loss.

  • Improvement: Provide better fee estimation tools or set maximum gas limits that users can’t exceed.

5. Potential Integer Overflow/Underflow

Even though Solidity 0.8.x provides checked arithmetic by default, it is good practice to use SafeMath for arithmetic operations on critical variables like gas fees.

  • Example: Ensure fee calculations involving msg.value, _maxLINKFee, or other amounts are handled carefully to avoid underflow/overflow issues.

6. Missing Event for Critical Operations

You have events like TokenTransferred and TokenReceived. However, some key activities (e.g., successful LINK token transfers) don’t trigger events.

  • Improvement: Emit events for successful token transfers and LINK fee payments to ensure transparency and aid off-chain tracking.

7. Lack of Explicit Token Allowance Check

The contract uses linkToken.safeTransferFrom() to transfer LINK fees from the user, but there’s no explicit allowance check before calling it.

  • Impact: The transaction could fail without a proper allowance, confusing the user.

  • Solution: Add an explicit check for allowance:

if (linkToken.allowance(msg.sender, address(this)) < fees) {
revert InsufficientFee();
}

8. Unprotected External Function Calls

Although onlySDLPoolCCIPController restricts certain external calls, other key functions (like transferRESDL) are open to external users.

  • Potential Issue: An attacker could flood the system with high-gas transactions, causing disruption.

  • Mitigation: Add rate-limiting, anti-spam mechanisms, or gas price requirements to protect the contract from denial-of-service (DoS) attacks.

9. Gas Limit Manipulation

The _gasLimit parameter is provided by the user in transferRESDL. This opens up the contract to malicious gas manipulation, potentially disrupting cross-chain communications.

  • Mitigation: Impose upper and lower bounds on the gas limit.

10. Ensure Chain Compatibility for Cross-Chain Messages

  • Consideration: Make sure that the data encoding/decoding logic aligns with all chains involved. Incompatible serialization between chains could lead to failed transactions.

Summary of Issues and Recommendations:

  1. Reentrancy risk in native token refund logic – Add reentrancy guards.

  2. Authorization checks should be hardened – Consider access control mechanisms.

  3. receive() / fallback() functions are missing – Add to handle accidental Ether transfers.

  4. Fee mismanagement risks – Provide more accurate fee predictions.

  5. Unchecked token allowance – Validate allowances before safeTransferFrom.

  6. Gas limit manipulation – Set reasonable gas limits to avoid disruptions.

This contract is generally well-written but could be improved with tighter security and better operational transparency.

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.