Card Partner address lacks of sanity checks and not done in 2 steps
Summary
HardenedTopupProxy has setCardPartnerAddress function to set the L1 Eth address for card topup settlement. But this important change should be in two steps as;
There is no sanity check carried out.
Human error
Vulnerability Detail
A wrong card partner address set can lead the funds to be sent to a wrong EOA address including address(0), or worst - to a contract.
Impact
Loss of funds
Code Snippet
function setCardPartnerAddress(address _cardPartnerAddress) public onlyAdmin {
cardPartnerAddress = _cardPartnerAddress;
}
sorrynotsorry
informational
Card Partner address lacks of sanity checks and not done in 2 steps
Summary
HardenedTopupProxy has
setCardPartnerAddressfunction to set the L1 Eth address for card topup settlement. But this important change should be in two steps as;Vulnerability Detail
A wrong card partner address set can lead the funds to be sent to a wrong EOA address including address(0), or worst - to a contract.
Impact
Loss of funds
Code Snippet
Permalink
Tool used
Manual Review
Recommendation
Carry out the address change in two steps as in OpenZeppelin's ownable.sol