When sendNative() is called, cbridge expects _amount of native tokens to be sent to it. However, CBridgeFacet does not send any native asset, resulting in a certain revert.
Proof of Concept
In CBridgeFacet._startBridge, ICBridge(bridge).sendNative() doesn't have value set. Thus no native asset will be sent to the bridge.
Lines of code
https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/CBridgeFacet.sol#L150
Vulnerability details
Impact
When sendNative() is called, cbridge expects _amount of native tokens to be sent to it. However, CBridgeFacet does not send any native asset, resulting in a certain revert.
Proof of Concept
In
CBridgeFacet._startBridge
,ICBridge(bridge).sendNative()
doesn't havevalue
set. Thus no native asset will be sent to the bridge.https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/CBridgeFacet.sol#L150
Tools Used
Manual code review.
Recommended Mitigation Steps
Set value