code-423n4 / 2022-07-axelar-findings


QA Report #183

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Missing 0 address check in constructor:

https://github.com/code-423n4/2022-07-axelar/blob/main/xc20/contracts/XC20Wrapper.sol#L27
https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/deposit-service/AxelarDepositService.sol#L18

Dependence on block.timestamp, which can be manipulated

https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/AxelarGateway.sol#L157
https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/AxelarGateway.sol#L615

Dependence on block.chainId, which can be manipulated

https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/AxelarGateway.sol#L286

Use safetransfer instead of transfer

https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/gas-service/AxelarGasService.sol#L128
https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/gas-service/AxelarGasService.sol#L144
https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/deposit-service/ReceiverImplementation.sol#L86
https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/deposit-service/ReceiverImplementation.sol#L71
https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/deposit-service/ReceiverImplementation.sol#L51
https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/deposit-service/ReceiverImplementation.sol#L23
https://github.com/code-423n4/2022-07-axelar/blob/main/xc20/contracts/XC20Wrapper.sol#L63

GalloDaSballo commented 2 years ago

Missing 0 address check in constructor:

L

Dependence on block.timestamp, which can be manipulated

Disagree without backing

Dependence on block.chainId, which can be manipulated

I'm unable to verify that statement and for this reason will dispute. Please add explanations to your reports in the future.

Use safetransfer instead of transfer

Invalid, those are payable.transfer, used to transfer ETH not ERC20s

1L