In the "sendAVAIL" function, there is insufficient validation of the entered amount of tokens for sending. To receive tokens on another chain, they must first be burned on this chain. If the amount of tokens to burn is greater than the user's balance, the transaction will unexpectedly revert. It also refers to "sendERC20" function.
Impact
Unexpected revert when sending WAVAIL or other erc20.
Recommended to check if there is enough WAVAIL or other erc20 on the user's balance to burn or send
//for function sendAVAIL
require(avail.balanceOf(msg.sender) >= amount, 'Insufficient balance of WAVAIL!');
//for function sendERC20
require(IERC20(token).balanceOf(msg.sender) >= amount, 'Insufficient balance of WAVAIL!');
DenTonylifer
medium
Lack of balance check
Summary
Lack of balance check when sending WAVAIL.
Vulnerability Detail
In the "sendAVAIL" function, there is insufficient validation of the entered amount of tokens for sending. To receive tokens on another chain, they must first be burned on this chain. If the amount of tokens to burn is greater than the user's balance, the transaction will unexpectedly revert. It also refers to "sendERC20" function.
Impact
Unexpected revert when sending WAVAIL or other erc20.
Code Snippet
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L348 https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L410
Tool used
Manual Review
Recommendation
Recommended to check if there is enough WAVAIL or other erc20 on the user's balance to burn or send