Lack of zero checks in updateTokens allows AvailBridge assetId to be set
Summary
AvailBridge uses assetIds to map bytes32 values to ERC20 tokens. These are provided as arguments by users when referring to ERC20 assets. In a message the native token Avail has the zero ID but setting its asset ID to its contract would allow it to be used with the generic sendERC20 method.
Vulnerability Detail
A separate method is provided to bridge Avail but if its address is added to the tokens mapping, it will be possible to use the generic method for ERC20s which won't mint and burn Avail as intended. The admin is able to do so due to the lack of zero checks.
Impact
This could allow users to use the contract in a way that wasn't intended and tokens will not be minted and burned as the bridge is used.
m4ttm
medium
Lack of zero checks in updateTokens allows AvailBridge assetId to be set
Summary
AvailBridge
uses assetIds to map bytes32 values to ERC20 tokens. These are provided as arguments by users when referring to ERC20 assets. In a message the native token Avail has the zero ID but setting its asset ID to its contract would allow it to be used with the genericsendERC20
method.Vulnerability Detail
A separate method is provided to bridge Avail but if its address is added to the
tokens
mapping, it will be possible to use the generic method for ERC20s which won't mint and burn Avail as intended. The admin is able to do so due to the lack of zero checks.Impact
This could allow users to use the contract in a way that wasn't intended and tokens will not be minted and burned as the bridge is used.
Code Snippet
https://github.com/sherlock-audit/2023-12-avail/blob/1afb56b8d4dfbf5d3f21bed0ddf80a04730204b5/contracts/src/AvailBridge.sol#L132-L147
Tool used
Manual Review
Recommendation
Add zero checks to
updateTokens
.