search

sherlock-audit / 2023-12-avail-judging

4 stars 4 forks source link

Anubis - Fee Management and Withdrawal #36

Closed sherlock-admin2 closed 8 months ago

sherlock-admin2 commented 8 months ago

Anubis

medium

Fee Management and Withdrawal

Summary

The contract charges fees for bridging operations and accumulates them. Proper management of these fees is crucial to prevent unauthorized access or loss.

Vulnerability Detail

The withdrawFees function allows withdrawing accumulated fees to the feeRecipient. The security of these funds relies on the integrity of the feeRecipient address and the correct calculation and handling of fees.

Impact

If the feeRecipient is not securely managed, or if there's a bug in the fee handling logic, there could be unauthorized withdrawal or loss of fees.

Code Snippet

https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L171-L178

The withdrawFees function sends the accumulated fees to the feeRecipient.

Tool used

Manual Review

Recommendation

  1. Secure Management of Fee Recipient: Ensure that the address of the feeRecipient is secure and that the process for updating it is robust and follows best practices.
  2. Audit Fee Handling Logic: Thoroughly audit the logic for fee calculation, accumulation, and withdrawal.
  3. Regularly Monitor Fee Transactions: Implement monitoring for the fee transactions to ensure that withdrawals are as expected and no unauthorized access occurs.
sherlock-admin commented 8 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid because { no impact}