The contract allows minting and burning of tokens based on calls from an external bridge address. The security of the contract is heavily dependent on the integrity and security of this bridge.
Vulnerability Detail
If the bridge address is compromised or the bridge contract has vulnerabilities, it could lead to unauthorized minting or burning of tokens, disrupting the token's supply and potentially leading to loss of funds.
Impact
Unauthorized access to minting and burning can lead to manipulation of the token supply, affecting the token's value and the holders' interests.
The mint and burn functions are protected by the onlyAvailBridge modifier, ensuring that only the specified bridge can call these functions.
Tool used
Manual Review
Recommendation
Secure Management of Bridge Address: Ensure that the bridge address is securely managed and that any mechanism to update it (if present) is robust and protected against unauthorized changes.
Monitor Bridge Interactions: Implement monitoring and alerting mechanisms for minting and burning events to detect any unauthorized or unexpected behavior promptly.
Anubis
medium
Dependency on External Bridge
Summary
The contract allows minting and burning of tokens based on calls from an external bridge address. The security of the contract is heavily dependent on the integrity and security of this bridge.
Vulnerability Detail
If the bridge address is compromised or the bridge contract has vulnerabilities, it could lead to unauthorized minting or burning of tokens, disrupting the token's supply and potentially leading to loss of funds.
Impact
Unauthorized access to minting and burning can lead to manipulation of the token supply, affecting the token's value and the holders' interests.
Code Snippet
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/WrappedAvail.sol#L23-L36
The mint and burn functions are protected by the onlyAvailBridge modifier, ensuring that only the specified bridge can call these functions.
Tool used
Manual Review
Recommendation