code-423n4 / 2024-03-zksync-findings


Large transfers may not work with some ERC20 tokens #118

Closed c4-bot-6 closed 2 months ago

c4-bot-6 commented 4 months ago

Lines of code

https://github.com/code-423n4/2024-03-zksync/blob/main/code/contracts/zksync/contracts/bridge/interfaces/IL1ERC20Bridge.sol#L67

Vulnerability details

Some IERC20 implementations (e.g. UNI, COMP) may fail if the value transferred is larger than uint96. Source

File: contracts/ethereum/contracts/bridge/L1ERC20Bridge.sol
67              IERC20(_token).safeTransfer(address(sharedBridge), amount);

https://github.com/code-423n4/2024-03-zksync/blob/main/code/contracts/zksync/contracts/bridge/interfaces/IL1ERC20Bridge.sol#L67

Assessed type

ERC20

c4-sponsor commented 3 months ago

saxenism (sponsor) disputed

saxenism commented 3 months ago

Not enough info. Uni tokens have a total supply less than 2^96 units. So we don’t see an issue.

alex-ppg commented 2 months ago

The Warden attempts to establish a vulnerability that may arise from utilizing EIP-20 tokens that do not support large transfers; however, there is inadequate elaboration on the submission itself, and EIP-20-based submissions have a heavy burden-of-proof.

c4-judge commented 2 months ago

alex-ppg marked the issue as unsatisfactory: Insufficient proof
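
Added example, not part of the issue thread or the zkSync code base: a simplified Python model of a token that keeps amounts in uint96, showing the revert the report describes next to the supply bound the sponsor's reply relies on. The class, the account names and the supply figure are constructed assumptions.

```python
# Added example: simplified model of an ERC20 token whose amounts are uint96.
# All names and the supply figure are constructed for illustration.
UINT96_MAX = 2**96 - 1


class Revert(Exception):
    """Stands in for an EVM revert."""


class Uint96Token:
    def __init__(self, total_supply, holder):
        if total_supply > UINT96_MAX:
            raise Revert("supply exceeds 96 bits")
        self.total_supply = total_supply
        self.balances = {holder: total_supply}

    def transfer(self, src, dst, raw_amount):
        # Width check first: an amount that does not fit in uint96 reverts
        # regardless of the sender's balance.
        if raw_amount > UINT96_MAX:
            raise Revert("amount exceeds 96 bits")
        if raw_amount > self.balances.get(src, 0):
            raise Revert("transfer amount exceeds balance")
        self.balances[src] -= raw_amount
        self.balances[dst] = self.balances.get(dst, 0) + raw_amount


def classify_transfer(token, src, dst, amount):
    """Return 'ok', or the revert reason, for one transfer attempt."""
    try:
        token.transfer(src, dst, amount)
        return "ok"
    except Revert as exc:
        return str(exc)


def width_check_is_only_blocker(token, src, amount):
    """True if the uint96 check rejects a transfer the balance would allow."""
    return amount > UINT96_MAX and amount <= token.balances.get(src, 0)


def demo():
    supply = 10**27  # constructed: 1e9 tokens at 18 decimals, below 2**96
    token = Uint96Token(supply, "legacy_bridge")
    return {
        "full_balance": classify_transfer(token, "legacy_bridge", "shared_bridge", supply),
        "over_uint96": classify_transfer(token, "shared_bridge", "legacy_bridge", UINT96_MAX + 1),
        "reachable": width_check_is_only_blocker(token, "shared_bridge", UINT96_MAX + 1),
    }
```

With a supply below 2^96, the width check never rejects a transfer that the balance check would have accepted, even when one account holds the entire supply.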