krzysztofziobro
commented
4 months ago Invalid submission - issue assumes mistakes in governance actions or malicious committee
Open hats-bug-reporter[bot] opened 4 months ago
krzysztofziobro
commented
4 months ago Invalid submission - issue assumes mistakes in governance actions or malicious committee
Github username: -- Twitter username: 0xleadwizard Submission hash (on-chain): 0x584acb0846aacbf42876b496bd540e7b25649dd87f73f963516517d54d0d1a1b Severity: medium
Description: Description\ In the implementation of bridge contracts, the
recoverNativeandrecoverERC20functions act as single points of failure, allowing the owner to withdraw any user funds from the contract.Given the current threats and incidents of attacks, it would be significantly safer if the owner could only withdraw funds designated as recoverable.
Attack Scenario\ The owner exploits the
recoverNativeorrecoverERC20function to misappropriate user funds.Recommendation\ By using storage variables to monitor funds that encounter errors during the bridging process, this bridge can be made more trustworthy and less dependent on operator integrity.