Closed code423n4 closed 2 years ago
https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/CBridgeFacet.sol#L68
A user wanting to bridge ETH via CBridge could lose some amount of ETH.
The function startBridgeTokenViaCBridge checks the amount of ETH transfered with msg.value >= _cBridgeData.amount in case the token address is zero.
startBridgeTokenViaCBridge
msg.value >= _cBridgeData.amount
If a user accidentally sends more ETH than _cBridgeData.amount, that ETH would be held unaccounted for in the contract and be lost for the user.
_cBridgeData.amount
Refactor the check to msg.value == _cBridgeData.amount.
msg.value == _cBridgeData.amount
Fixed in previous commit.
Duplicate of #207
Lines of code
https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/CBridgeFacet.sol#L68
Vulnerability details
Impact
A user wanting to bridge ETH via CBridge could lose some amount of ETH.
Proof of Concept
The function
startBridgeTokenViaCBridge
checks the amount of ETH transfered withmsg.value >= _cBridgeData.amount
in case the token address is zero.If a user accidentally sends more ETH than
_cBridgeData.amount
, that ETH would be held unaccounted for in the contract and be lost for the user.Recommended Mitigation Steps
Refactor the check to
msg.value == _cBridgeData.amount
.