code-423n4 / 2023-07-axelar-findings

2 stars 0 forks source link

The is no way for native tokens to get sent to InterchainProposalExecutor #468

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-07-axelar/blob/main/contracts/interchain-governance-executor/InterchainProposalExecutor.sol#L22

Vulnerability details

Impact

Proposals that require value cannot be executed as native tokens on the other side of the bridge cannot be provided.

Proof of Concept

Proposals have a value parameter, which allows users to specify what amount of native tokens should be passed when calling the destination contract. The issue arises because there is no way for native tokens to be sent to the InterchainProposalExecutor contract so it can properly execute the proposal.

Tools Used

Manual Review

Recommended Mitigation Steps

Add a receive function to InterchainProposalExecutor or AxelarExecutable so native tokens can be sent to the destination chain executor contract.

Assessed type

Other

c4-pre-sort commented 1 year ago

0xSorryNotSorry marked the issue as duplicate of #319

c4-judge commented 1 year ago

berndartmueller marked the issue as satisfactory