code-423n4 / 2022-03-lifinance-findings


Caller can lose ETH using the `CBridgeFacet` #96

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/CBridgeFacet.sol#L68

Vulnerability details

Impact

A user wanting to bridge ETH via CBridge could lose some amount of ETH.

Proof of Concept

The function `startBridgeTokenViaCBridge` checks the amount of ETH transferred with `msg.value >= _cBridgeData.amount` in case the token address is zero.

If a user accidentally sends more ETH than `_cBridgeData.amount`, that ETH would be held unaccounted for in the contract and be lost for the user.

Recommended Mitigation Steps

Refactor the check to `msg.value == _cBridgeData.amount`.
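The check described in the report above, side by side with the recommended one, as an added example that is not part of the original issue and not the LI.FI `CBridgeFacet` source. The contract name, the struct layout, the `bridge` address and the function names `startBridgeLoose`, `startBridgeStrict` and `_forward` are hypothetical; only `msg.value`, `_cBridgeData.amount` and the zero-address convention come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7;

/// Added illustration only; names and layout are hypothetical.
contract NativeDepositCheckExample {
    struct CBridgeData {
        address token;   // address(0) means native ETH, as in the report
        uint256 amount;  // amount the caller intends to bridge
    }

    // Stand-in for the bridge endpoint that receives the funds (assumption).
    address payable public immutable bridge;

    constructor(address payable _bridge) {
        bridge = _bridge;
    }

    /// Check as the report describes it: any msg.value at or above amount passes.
    function startBridgeLoose(CBridgeData calldata _cBridgeData) external payable {
        require(_cBridgeData.token == address(0), "native only in this sketch");
        require(msg.value >= _cBridgeData.amount, "msg.value below amount");
        _forward(_cBridgeData.amount);
        // Only `amount` is forwarded. The surplus (msg.value - amount) stays in
        // this contract's balance with no record of who sent it.
    }

    /// Recommended check: the call reverts unless msg.value matches exactly,
    /// so a mistaken overpayment is returned by the revert instead of stranded.
    function startBridgeStrict(CBridgeData calldata _cBridgeData) external payable {
        require(_cBridgeData.token == address(0), "native only in this sketch");
        require(msg.value == _cBridgeData.amount, "msg.value != amount");
        _forward(_cBridgeData.amount);
    }

    /// Sends exactly `amount` wei onward and reverts if the transfer fails.
    function _forward(uint256 amount) private {
        (bool ok, ) = bridge.call{value: amount}("");
        require(ok, "forward failed");
    }
}
```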

H3xept commented 2 years ago

Fixed in previous commit.

H3xept commented 2 years ago

Duplicate of #207