Closed c4-bot-7 closed 3 months ago
trust1995 marked the issue as unsatisfactory: Invalid
While it may seem similar to issue 19, this report focuses specifically on the use of ERC20 tokens and highlights a critical vulnerability where, in the event of a failure, funds are left in the aggregator. This scenario is particularly problematic since the aggregator is not designed to hold funds, which could lead to significant risks and operational issues.
Additionally, I have another issue, #11, which is a duplicate of issue 19, but it pertains to the use of gas tokens. The distinction between these issues is important as they address different scenarios and token types, both of which require attention to ensure the security and functionality of the contract.
Thank you for your understanding and consideration.
trust1995 marked the issue as unsatisfactory: Out of scope
Lines of code
https://github.com/code-423n4/2024-06-thorchain/blob/e3fd3c75ff994dce50d6eb66eb290d467bd494f5/ethereum/contracts/THORChain_Router.sol#L346-L376
Vulnerability details
Impact
The _transferOutAndCallV5 function in the THORChain_Router contract fails to return funds to the recipient if the transfer fails due to a failing aggregator. This occurs because the function does not handle the failure of the aggregator swap correctly, leaving the funds in the failing aggregator contract. This can result in a loss of funds for the sender, as the tokens are not returned to them despite the transfer failing.
Proof of Concept
The following proof of concept demonstrates how the transferOutAndCallV5 function fails to return funds to the recipient when the aggregator swap fails:
Test Case (Foundry)
Tools Used
Recommended Mitigation Steps
To mitigate this issue, the _transferOutAndCallV5 function should ensure that funds are returned to the sender if the transfer fails due to a failing aggregator. This can be achieved by reverting the transaction and returning the tokens to the sender in the case of a failed transfer. Additionally, the contract should handle the failure of the aggregator swap gracefully and revert the transaction if the swap fails, ensuring that funds are not lost in the process.
Assessed type
Other
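The failure mode this report describes and the revert-based mitigation it recommends, as an added Python model that is not part of the original report and is not the THORChain_Router source. It models generic EVM low-level call semantics; the account names, amounts and function names are constructed for illustration.

```python
class Revert(Exception):
    """Models an EVM revert inside a call frame."""

class Ledger:
    """Constructed ERC20-style balance book; account names are placeholders."""
    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise Revert("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

def low_level_call(ledger, fn, *args):
    """Like address.call(): a revert undoes only the callee's writes and returns False."""
    snapshot = dict(ledger.balances)
    try:
        fn(ledger, *args)
        return True
    except Revert:
        ledger.balances = snapshot
        return False

def failing_swap(ledger, amount):
    ledger.transfer("aggregator", "dex", amount)  # partial work, then failure
    raise Revert("swap failed")

def working_swap(ledger, amount):
    ledger.transfer("aggregator", "recipient", amount)

def transfer_out_and_call(ledger, amount, swap, revert_on_failure):
    """Push tokens to the aggregator, then call it. Returns True if the tx commits."""
    tx_snapshot = dict(ledger.balances)
    try:
        ledger.transfer("router", "aggregator", amount)
        if not low_level_call(ledger, swap, amount) and revert_on_failure:
            raise Revert("aggregator call failed")
        return True
    except Revert:
        ledger.balances = tx_snapshot  # whole transaction rolled back
        return False

def run(swap, revert_on_failure):
    ledger = Ledger({"router": 100, "aggregator": 0, "recipient": 0, "dex": 0})
    committed = transfer_out_and_call(ledger, 40, swap, revert_on_failure)
    return committed, ledger.balances

if __name__ == "__main__":
    print(run(failing_swap, False))
    print(run(failing_swap, True))
    print(run(working_swap, True))
```

With the failure ignored, the transaction commits and the pushed tokens remain on the aggregator's balance; with the failure propagated, the push is rolled back along with everything else in the transaction.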