Closed github-actions[bot] closed 1 year ago
Comment from Optimism
Description: Unchecked to and from address are not 0 can lead to unexpected burn of funds.
Reason: This is a non-issue, and it is up to the user to ensure that they are not sending funds to the zero address (or any incorrect address, for that matter).
0xWeiss
medium
[M-04] Unchecked to and from address are not 0 can lead to unexpected burn of funds.
Summary
In the following function:
The function:

    function _initiateBridgeERC20(
        address _localToken,
        address _remoteToken,
        address _from,
        address _to,
        uint256 _amount,
        uint32 _minGasLimit,
        bytes memory _extraData
    ) internal {

there is no validation for the to and from inputs, which could be the 0 address.
Vulnerability Detail
Is calling the finalizeBridgeERC20 in the other contract which makes the transfer to the `to` address. In this case, the `to` address is not checked if it is not 0. So, if the `to` address is 0, the funds will be burned.
Impact
User funds can be burned if the `to` address is 0 due to nonexistent validation.
Code Snippet
Tool used
Manual Review
Recommendation
Add require statements such as:
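
What such checks could look like, as an added illustration that is not part of the original report and is not Optimism's bridge code. Only the `_initiateBridgeERC20` signature is taken from the report; the contract name, the event, the revert strings, the `bridgeERC20To` wrapper and the function body are hypothetical stand-ins.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

/// Added illustration only: a stand-in contract, not the audited bridge.
contract BridgeZeroAddressCheckExample {
    // Hypothetical event standing in for the real cross-domain message.
    event BridgeInitiated(
        address indexed localToken,
        address indexed remoteToken,
        address indexed from,
        address to,
        uint256 amount,
        bytes extraData
    );

    // Hypothetical external wrapper so the internal function can be exercised.
    function bridgeERC20To(
        address _localToken,
        address _remoteToken,
        address _to,
        uint256 _amount,
        uint32 _minGasLimit,
        bytes calldata _extraData
    ) external {
        _initiateBridgeERC20(
            _localToken, _remoteToken, msg.sender, _to, _amount, _minGasLimit, _extraData
        );
    }

    // Signature as quoted in the report; the body is a placeholder.
    function _initiateBridgeERC20(
        address _localToken,
        address _remoteToken,
        address _from,
        address _to,
        uint256 _amount,
        uint32 _minGasLimit, // unused in this stand-in
        bytes memory _extraData
    ) internal {
        // Reject the zero address before any token is moved or any message is sent.
        require(_from != address(0), "Bridge: from is the zero address");
        require(_to != address(0), "Bridge: to is the zero address");

        // The real escrow/burn step and the cross-domain call would follow here.
        emit BridgeInitiated(_localToken, _remoteToken, _from, _to, _amount, _extraData);
    }
}
```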