Proposals that require value cannot be executed as native tokens on the other side of the bridge cannot be provided.
Proof of Concept
Proposals have a value parameter, which allows users to specify what amount of native tokens should be passed when calling the destination contract. The issue arises because there is no way for native tokens to be sent to the InterchainProposalExecutor contract so it can properly execute the proposal.
Tools Used
Manual Review
Recommended Mitigation Steps
Add a receive function to InterchainProposalExecutor or AxelarExecutable so native tokens can be sent to the destination chain executor contract.
Lines of code
https://github.com/code-423n4/2023-07-axelar/blob/main/contracts/interchain-governance-executor/InterchainProposalExecutor.sol#L22
Vulnerability details
Impact
Proposals that require value cannot be executed as native tokens on the other side of the bridge cannot be provided.
Proof of Concept
Proposals have a value parameter, which allows users to specify what amount of native tokens should be passed when calling the destination contract. The issue arises because there is no way for native tokens to be sent to the InterchainProposalExecutor contract so it can properly execute the proposal.
Tools Used
Manual Review
Recommended Mitigation Steps
Add a receive function to InterchainProposalExecutor or AxelarExecutable so native tokens can be sent to the destination chain executor contract.
Assessed type
Other