WithdrawFees can be called by anyone which can lead to loss of funds.

Summary

In AvailBridge.sol the function WithdrawFees allows anyone to place a withdrawal towards the FeeRecipient. This in itself is not a problem at first glance, but could become a means to loss of funds.

Vulnerability Detail

If a malicious user gains access to the fee recipient, they have the ability to consistently withdraw fees to the recipient destination. This risk persists as long as the team has not changed the fee recipient, potentially resulting in an additional loss of funds or in another example causing hindrance to the team funds

Impact

Critical Example :

Bob compromises the Feerecipient address
Team will obviously update to new Feerecipient
but in meantime team will lose funds
because Bob can call withdrawFees to old recipient
Team has no pause mechanism for withdrawing aswell
Team loses out on additional funds

Medium Example :
Team decides to change Feerecipient
Bob watches this function and sees this movement
Bob calls Withdrawfees with high gas prio on the Old Recipient
This will go through before the Feerecipient change happens
Team gets fees sent to old recipient address
if team does not have access to this address anymore, they lose fees

Regardless of the specific example chosen, the outcome remains consistent – it poses a hindrance at the very least and, in the worst-case scenario, leads to a potential loss of funds.

Code Snippet

https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L162-L179

Tool used

Manual Review

Recommendation

+ function withdrawFees() external onlyRole(DEFAULT_ADMIN_ROLE)

sherlock-audit / 2023-12-avail-judging

dermaroller5 - WithdrawFees can be called by anyone which can lead to loss of funds. #115