code-423n4 / 2022-01-livepeer-findings

Migrate old balance on setToken #234

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

pauliax

Vulnerability details

Impact

In contract BridgeMinter function setToken, it just sets the new tokenAddr, but it does not process the old token balance, leaving it stuck in the contract. I think that setToken could also migrate the old balance somewhere before updating the token address. I can even suggest adding token rescue functions to the contracts that may come in handy in such cases or if someone accidentally sends the tokens directly to the contract. An owner can rescue the tokens if the token is not protected (e.g. intended to be held in the contract).

Recommended Mitigation Steps

An example implementation that could help to rescue the old token balance:

  function withdrawLPTToL1Migrator(address _tokenAddr, address _recipient) external onlyControllerOwner returns (uint256) {
      // The currently configured token is protected and cannot be withdrawn here.
      require(_tokenAddr != tokenAddr, "protected");

      IERC20 token = IERC20(_tokenAddr);

      // Withdraw the contract's entire balance of the given token.
      uint256 balance = token.balanceOf(address(this));

      token.transfer(_recipient, balance);

      return balance;
  }
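
The other option the report raises, migrating the old balance inside setToken itself, could look like the sketch below. This is an added example, not code from the report, from Livepeer's BridgeMinter or from the linked fix; the contract name, the `owner` check (standing in for `onlyControllerOwner`), the `_recipient` parameter, the event and `_safeTransfer` are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Added illustration only: a hypothetical contract, not Livepeer's BridgeMinter.
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

contract TokenHolderSketch {
    address public immutable owner; // assumption: stands in for onlyControllerOwner
    address public tokenAddr;

    event TokenSet(address indexed oldToken, address indexed newToken, uint256 migrated);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(address _tokenAddr) {
        owner = msg.sender;
        tokenAddr = _tokenAddr;
    }

    // Sweep the balance held in the old token to _recipient, then switch.
    // _recipient is a hypothetical parameter; the report only says "somewhere".
    function setToken(address _tokenAddr, address _recipient) external onlyOwner {
        require(_tokenAddr != address(0) && _recipient != address(0), "zero address");
        address oldToken = tokenAddr;
        uint256 balance = 0;
        if (oldToken != address(0) && oldToken != _tokenAddr) {
            balance = IERC20Minimal(oldToken).balanceOf(address(this));
        }
        // Effects before the external call, so a callback sees the new token.
        tokenAddr = _tokenAddr;
        if (balance > 0) _safeTransfer(oldToken, _recipient, balance);
        emit TokenSet(oldToken, _tokenAddr, balance);
    }

    // Reverts on failure and accepts tokens that return no value from transfer().
    function _safeTransfer(address token, address to, uint256 amount) private {
        (bool ok, bytes memory data) =
            token.call(abi.encodeWithSelector(IERC20Minimal.transfer.selector, to, amount));
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "transfer failed");
    }
}
```

With this design a reverting transfer on the old token (for example a paused token) also blocks setToken, which is one reason to keep a separate rescue function like the one in the report.
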

yondonfu commented 2 years ago

Fixed in https://github.com/livepeer/protocol/pull/530