Udsen - `AvailBridge.receiveETH` FUNCTION DOES NOT PERFORM INPUT VALIDAITON CHECK ON RECIPIENT ADDRESS FOR `address(0)` THUS COULD LEAD TO LOSS OF FUNDS #108
AvailBridge.receiveETH FUNCTION DOES NOT PERFORM INPUT VALIDAITON CHECK ON RECIPIENT ADDRESS FOR address(0) THUS COULD LEAD TO LOSS OF FUNDS
Summary
The AvailBridge.receiveETH function lacks input validation check for dest address (recipient) for native eth transfers, thus leading to loss of funds.
Vulnerability Detail
The AvailBridge.receiveETH function is used for ETH transfers from Avail to Ethereum. Initially the message is verified against the merkle proof input and if succesful then the value is transferred to the dest address as shown below:
(bool success,) = dest.call{value: value}(""); //@audit-info - send the eth value to the destination
if (!success) { //@audit-issue - no check on `message.to != address(0)` and `value != 0`
revert UnlockFailed();
}
But the issue here is that there is no input validation check for the dest address for address(0).
Impact
Hence if the recipient address passed in from the message is address(0) the funds transferred via the low-level call function will be lost.
Hence it is recommended to add an input validation check for dest address in the AvailBridge.receiveETH function before the native eth is transferred. And the transaction should revert if the dest address is address(0). Furthermore it is recommended to add an input validation check for the value variable to verify it is !=0.
Udsen
medium
AvailBridge.receiveETH
FUNCTION DOES NOT PERFORM INPUT VALIDAITON CHECK ON RECIPIENT ADDRESS FORaddress(0)
THUS COULD LEAD TO LOSS OF FUNDSSummary
The
AvailBridge.receiveETH
function lacks input validation check fordest
address (recipient) for native eth transfers, thus leading to loss of funds.Vulnerability Detail
The
AvailBridge.receiveETH
function is used forETH transfers from Avail to Ethereum
. Initially themessage
is verified against themerkle proof input
and if succesful then the value is transferred to thedest
address as shown below:But the issue here is that there is no input validation check for the
dest
address foraddress(0)
.Impact
Hence if the
recipient
address passed in from themessage
is address(0) the funds transferred via thelow-level
call function will be lost.Code Snippet
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L239-L263
Tool used
VSCode and Manual Review
Recommendation
Hence it is recommended to add an input validation check for
dest
address in theAvailBridge.receiveETH
function before the native eth is transferred. And the transaction should revert if thedest
address isaddress(0)
. Furthermore it is recommended to add an input validation check for thevalue
variable to verify it is!=0
.