Closed sherlock-admin closed 8 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because {invalid: all the functions with that modifier are meant to be from avail to ethereum and not any other way}
John_Femi
medium
Bridge can only be done in one direction
Summary
Based on the modifier added to all functions used for sending messages and tokens, it is seen that the contract only allows one direction for bridging.
Vulnerability Detail
The vulnerability can be found in this modifier
As seen in this modifier, this only allows messages/value from avail to eth chains but not eth to avail chains and as explained in the scope document this contract is to be deployed in Ethereum Mainnet, this means messages from avail to eth chains will always be reverted.
Impact
Loss of revenue/data due to bad bridging
Code Snippet
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L57-L62
Tool used
Manual Review
Recommendation
Ensure bi-directional bridging is done. Rewrite the modifier to be