evmboi32
high
No way to recover funds from the failed bridge transaction.
Summary
No way to recover funds from the failed bridge transaction.
Vulnerability Detail
If the bridge transaction fails and the recipient is unable to receive the tokens/ETH, all funds will be lost.
For example, someone initiates a bridge transaction to bridge USDC from Avail to Ethereum.
On the Ethereum side, the receiveERC20 function is used to process and prove that the bridge transaction is correct and should be processed. If the IERC20(token).safeTransfer(dest, value) fails, the transaction will revert and the funds will be lost. It can fail if the receiving address is on a blacklist. Or, when transferring ETH, it can fail if the smart contract doesn't support receiving ether.
Impact
All funds can be lost while bridging.
Code Snippet
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L239-L263
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L271-L292
Tool used
Manual Review
Recommendation
In case of a failure, add a mechanism where the bridge tx initiator can claim their tokens back.
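One possible shape for such a recovery mechanism, as an added sketch that is not code from AvailBridge.sol: a failed delivery is escrowed instead of reverting, and the funds can be claimed later. All contract, function and event names here are hypothetical, and this variant assumes the intended recipient redirects the funds on Ethereum rather than the initiator being refunded on the source chain.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; every name below is hypothetical, not taken from AvailBridge.sol.
interface IERC20 {
    function transfer(address to, uint256 value) external returns (bool);
}

abstract contract EscrowOnFailedDelivery {
    // token => recipient => amount held after a failed delivery (address(0) means ETH)
    mapping(address => mapping(address => uint256)) public pending;

    event DeliveryEscrowed(address indexed token, address indexed dest, uint256 value);
    event Claimed(address indexed token, address indexed dest, address indexed to, uint256 value);

    // Call after the message proof is verified and the message is marked processed.
    // A failed transfer no longer reverts the whole message; the amount is escrowed.
    function _deliver(address token, address dest, uint256 value) internal {
        if (!_trySend(token, dest, value)) {
            pending[token][dest] += value;
            emit DeliveryEscrowed(token, dest, value);
        }
    }

    // The original recipient redirects escrowed funds to an address that can receive them.
    function claim(address token, address to) external {
        uint256 value = pending[token][msg.sender];
        require(value != 0, "nothing to claim");
        pending[token][msg.sender] = 0; // state change before the external call
        require(_trySend(token, to, value), "claim transfer failed");
        emit Claimed(token, msg.sender, to, value);
    }

    function _trySend(address token, address to, uint256 value) private returns (bool) {
        if (token == address(0)) {
            (bool sent, ) = to.call{value: value}("");
            return sent;
        }
        // Low-level call so a revert (for example a blacklisted recipient) is caught;
        // tokens that return no data are accepted, matching SafeERC20's behaviour.
        if (token.code.length == 0) return false;
        (bool ok, bytes memory ret) = token.call(abi.encodeCall(IERC20.transfer, (to, value)));
        return ok && (ret.length == 0 || (ret.length >= 32 && abi.decode(ret, (uint256)) == 1));
    }
}
```

A recipient contract that has no way to call claim is not helped by this variant; covering that case needs a refund path back to the initiator, as the recommendation describes.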