code-423n4 / 2022-02-anchor-findings

0 stars 0 forks source link

Missing allowlist checks on tokens in `CrossAnchorBridge` could cause loss of funds #69

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-02-anchor/blob/main/contracts/cross-chain-contracts/ethereum/CrossAnchorBridge.sol#L173 https://github.com/code-423n4/2022-02-anchor/blob/main/contracts/cross-chain-contracts/ethereum/CrossAnchorBridge.sol#L251 https://github.com/code-423n4/2022-02-anchor/blob/main/contracts/cross-chain-contracts/ethereum/CrossAnchorBridge.sol#L256

Vulnerability details

Impact

The CrossAnchorBridge contract accepts any ERC20 token and transfers them to the wormhole bridge. There were allowlist checks on the tokens before, but they were commented out in this version for the audit. If a user transfers, for example, non-supported collateral to the bridge contract, the bridge on the Ethereum side will accept it, but the lending market on the Terra side will reject it. As a result, the transferred token could be lost in the bridge contract and is unrecoverable.

Proof of Concept

The following allowlist checks in the CrossAnchorBridge are commented out: CrossAnchorBridge.sol#L173 CrossAnchorBridge.sol#L251 CrossAnchorBridge.sol#L256

However, there are allowlist restrictions on the tokens on the money market contracts, for example: overseer/src/collateral.rs#L37 overseer/src/collateral.rs#L99 overseer/src/state.rs#L77-L89

Recommended Mitigation Steps

Uncomment the allowlist checks in the referenced lines of code. Besides, would suggest adding functionality to add or remove tokens from the allowlist dynamically.

GalloDaSballo commented 2 years ago

Dup of #66