Incomplete Fee Setup in CrosschainDistributor.sol Leads to Inoperative Claims
Summary
The CrosschainDistributor.sol contract, designed to support crosschain claims and transport assets to users via xcall.
Missing setup of the relayerFee in the _settleClaim function leads to dysfunctional claim operations.
Vulnerability Detail
When invoking xcall, it is required to set up the relayerFee either through msg.value or arguments. However, the _settleClaim function does not have this fee setup, which results in the claim operation not functioning.
id = connext.xcall /* @audit {value: relayerFee} */(
_recipientDomain, // destination domain
_recipient, // to
address(token), // asset
_recipient, // delegate, only required for self-execution + slippage
_amount, // amount
0, // slippage -- assumes no pools on connext
bytes('') // calldata
// @audit relayerFee
);
pengun
high
Incomplete Fee Setup in CrosschainDistributor.sol Leads to Inoperative Claims
Summary
The
CrosschainDistributor.solcontract, designed to support crosschain claims and transport assets to users viaxcall. Missing setup of therelayerFeein the_settleClaimfunction leads to dysfunctional claim operations.Vulnerability Detail
When invoking
xcall, it is required to set up therelayerFeeeither throughmsg.valueor arguments. However, the_settleClaimfunction does not have this fee setup, which results in the claim operation not functioning.Impact
Code Snippet
https://github.com/sherlock-audit/2023-06-tokensoft/blob/1f58ddb066ab383c416cfcbf95c9902683506e96/contracts/contracts/claim/abstract/CrosschainDistributor.sol#L78-L86
Tool used
Manual Review
Recommendation
Add relayerFee when
xcallexecuteDuplicate of #143