LayneHaber
commented
3 years ago This is true, and we are building penalty mechanisms outside of these contracts. For now we are considering adding in a permissioned launch, see #49
Open code423n4 opened 3 years ago
LayneHaber
commented
3 years ago This is true, and we are building penalty mechanisms outside of these contracts. For now we are considering adding in a permissioned launch, see #49
Handle
cmichel
Vulnerability details
Vulnerability Details
The agreement between the
userand therouterseems to already happen off-chain because all the fields are required for the initialInvariantTransactionDatacall already. A router could pretend to take on a user's cross-chain transfer, the user sends theirpreparetransaction locking up funds on the sending chain. But then theroutersimply doesn't respond or responds with apreparetransaction ofamount=0.Impact
The user's funds are then locked for the entire expiry time whereas the router does not have to lock up anything as the amount is 0, even no gas if they simply don't respond. This way a router can bid on everything off-chain without a penalty and take down everyone that accepts the bid.
Recommended Mitigation Steps
Maybe there must be a penalty mechanism for non-responsive routers that agreed off-chain, slashing part of their added liquidity. Could also be that the bid signature already helps with this, but I'm not sure how it works as the off-chain part is not part of the repo.