search

sherlock-audit / 2023-12-avail-judging

4 stars 4 forks source link

Anubis - Dependency on External Bridge #39

Closed sherlock-admin closed 8 months ago

sherlock-admin commented 8 months ago

Anubis

medium

Dependency on External Bridge

Summary

The contract allows minting and burning of tokens based on calls from an external bridge address. The security of the contract is heavily dependent on the integrity and security of this bridge.

Vulnerability Detail

If the bridge address is compromised or the bridge contract has vulnerabilities, it could lead to unauthorized minting or burning of tokens, disrupting the token's supply and potentially leading to loss of funds.

Impact

Unauthorized access to minting and burning can lead to manipulation of the token supply, affecting the token's value and the holders' interests.

Code Snippet

https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/WrappedAvail.sol#L23-L36

The mint and burn functions are protected by the onlyAvailBridge modifier, ensuring that only the specified bridge can call these functions.

Tool used

Manual Review

Recommendation

  1. Secure Management of Bridge Address: Ensure that the bridge address is securely managed and that any mechanism to update it (if present) is robust and protected against unauthorized changes.
  2. Monitor Bridge Interactions: Implement monitoring and alerting mechanisms for minting and burning events to detect any unauthorized or unexpected behavior promptly.
sherlock-admin commented 8 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid because {invalid: no clear impact}