sherlock-audit / 2023-12-avail-judging


rekxor - AvailBridge.sol :: receiveAVAIL() has a wrong check in the if condition L219 #127

Closed sherlock-admin closed 8 months ago

sherlock-admin commented 8 months ago

rekxor

high

AvailBridge.sol :: receiveAVAIL() has a wrong check in the if condition L219

Summary

The function aims to enable AVAIL transfers from Avail to Ethereum.

Vulnerability Detail

https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L219

Incorrect Revert Condition: The vulnerability allows transactions with assetId equal to zero to proceed, contrary to the intended behavior.

Impact

The contract might allow transactions with non-zero assetId values that should have been rejected. This could lead to unexpected behavior.

if (assetId != 0x0) {
    revert InvalidAssetId();
}

Tool used

Manual Review

Recommendation

Replace the vulnerable code snippet with the code snippet below:

if (assetId == 0x0) {
    revert InvalidAssetId();
}

sherlock-admin commented 8 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid because {invalid: this is to ensure that it's a native token (ETH in this case)}