Multiple contracts within scope of this audit lack some address validation or normalization steps. Some of the affected lines cause just a transaction failure when an incorrect address is provided, wasting gas. But others would render some features unusable until a valid address is recorded.
The following lines were affected:
* dispatch_msg.recipient_addr in contracts/core/mailbox/src/execute.rs:151-156
* Although not possible to validate it as it belongs to a different chain, the address could be normalized to lowercase.
* msg.validator in contracts/isms/multisig/src/execute.rs:66, 98
* Although not possible to validate it as it belongs to a different chain, the
* address length could be checked
* recipient in contracts/core/mailbox/src/execute.rs:215
* msg.recipient in contracts/hooks/routing-custom/src/lib.rs:185
* refund_address in contracts/igps/core/src/execute.rs:114
* router in packages/router/src/lib.rs:98
* set.route in packages/router/src/lib.rs:74
HPL-52 Missing address validation or normalization
Multiple contracts within scope of this audit lack some address validation or normalization steps. Some of the affected lines cause just a transaction failure when an incorrect address is provided, wasting gas. But others would render some features unusable until a valid address is recorded. The following lines were affected: * dispatch_msg.recipient_addr in contracts/core/mailbox/src/execute.rs:151-156 * Although not possible to validate it as it belongs to a different chain, the address could be normalized to lowercase. * msg.validator in contracts/isms/multisig/src/execute.rs:66, 98 * Although not possible to validate it as it belongs to a different chain, the * address length could be checked * recipient in contracts/core/mailbox/src/execute.rs:215 * msg.recipient in contracts/hooks/routing-custom/src/lib.rs:185 * refund_address in contracts/igps/core/src/execute.rs:114 * router in packages/router/src/lib.rs:98 * set.route in packages/router/src/lib.rs:74