search

hats-finance / Most--Aleph-Zero-Bridge-0xab7c1d45ae21e7133574746b2985c58e0ae2e61d

Aleph Zero bridge to Ethereum
Apache License 2.0
0 stars 1 forks source link

Most will not work with tokens with high decimals due to overflow #26

Open hats-bug-reporter[bot] opened 5 months ago

hats-bug-reporter[bot] commented 5 months ago

Github username: @JJtheAndroid Twitter username: -- Submission hash (on-chain): 0x74c794cd18885dec4941d179d04e41863e81093d2c660582186981ec82cd6a2a Severity: low

Description: Description\

Most bridge will not work with tokens with high decimals due to overflow

Attack Scenario\

The Move Bridge allows a user to send tokens to the move bridge, where it is locked. After that a an event is sent to the relayer which then send the message to AZ to mint wrapped versions of the tokens.

The problem is that the amount that can be sent from the ETH chain is typed as a U256 shown here.

https://github.com/hats-finance/Most--Aleph-Zero-Bridge-0xab7c1d45ae21e7133574746b2985c58e0ae2e61d/blob/70ab234cc3322fda82784413f5e0704907a0e1fe/eth/contracts/Most.sol#L136

   function sendRequest(
        bytes32 srcTokenAddress,
        uint256 amount,
        bytes32 destReceiverAddress
    )

However the PSP version of the minted wrapped token has both the total supply and the balanceOf implementations typed as a U128

https://github.com/hats-finance/Most--Aleph-Zero-Bridge-0xab7c1d45ae21e7133574746b2985c58e0ae2e61d/blob/70ab234cc3322fda82784413f5e0704907a0e1fe/azero/contracts/token/lib.rs#L155-L162

  impl PSP22 for Token {
        #[ink(message)]
        fn total_supply(&self) -> u128 {
            self.data.total_supply()
        }

        #[ink(message)]
        fn balance_of(&self, owner: AccountId) -> u128 {
            self.data.balance_of(owner)
        }

This opens the door to an overflow where users can lose funds if they send more than U128 from the EVM chain.

Example:

Consider a user attempting to transfer an amount of tokens from the ETH chain to the AZ chain through the Move Bridge. The user decides to send an amount slightly greater than U128, such as U128+1, which is within the permissible range on the ETH chain due to its uint256 typing, expecting to receive an equivalent amount of wrapped tokens on the AZ chain.

However, since the AZ chain's PSP22 implementation uses u128 for storing the total supply and balances, it cannot handle such a value. Thus, when the bridge attempts to mint the wrapped tokens on the AZ chain, the amount exceeds the maximum value that can be represented by u128. This leads to an integer overflow, resetting the amount to 0, instead of correctly reflecting the transferred amount. This would result in a huge loss of funds for the user

This vulnerability is more pronounced with tokens with high decimals such as DOGE or other memecoins where it is not uncommon to send more than U128

Mititgation

The total supply for both AZ and the EVM chain should be match. Either they are both U256 or both U128

krzysztofziobro commented 5 months ago

See last item of "Out of scope": https://app.hats.finance/audit-competitions/most-aleph-zero-bridge-0xab7c1d45ae21e7133574746b2985c58e0ae2e61d/scope