Fees can be burned due to allowing feeRecipient to be address 0
Summary
The withdrawFees() function in the AvailBridge smart contract, callable by anyone, poses a vulnerability that allows malicious actors to intentionally burn accumulated fees. This risk arises when the feeRecipient is set to address(0) using the updateFeeRecipient() function.
Vulnerability Detail
The withdrawFees() function lacks a proper check on the feeRecipient address, enabling any user, including malicious actors, to deliberately call the function when feeRecipient is set to address(0). This results in the burning of fees, as they are sent to an unrecoverable address.
Impact
Malicious actors can intentionally trigger withdrawFees() when feeRecipient is set to address(0), leading to the deliberate burning of accumulated fees.
Code Snippet
function withdrawFees() external {
uint256 fee = fees;
delete fees;
// @audit fees can be burned if called when **feeRecipient** is not set
// slither-disable-next-line low-level-calls
(bool success, ) = feeRecipient.call{value: fee}("");
if (!success) {
revert WithdrawFailed();
}
}
Tool used
Manual Review
Recommendation
To mitigate this vulnerability, implement a check in the withdrawFees() function to ensure that only a valid (non-zero) feeRecipient can receive fee. Additionally, enhance the updateFeeRecipient() function to disallow setting address(0) as the fee recipient, preventing intentional fee burning by malicious actors.
soliditywala
medium
Fees can be burned due to allowing feeRecipient to be address 0
Summary
The withdrawFees() function in the AvailBridge smart contract, callable by anyone, poses a vulnerability that allows malicious actors to intentionally burn accumulated fees. This risk arises when the feeRecipient is set to address(0) using the updateFeeRecipient() function.
Vulnerability Detail
The withdrawFees() function lacks a proper check on the feeRecipient address, enabling any user, including malicious actors, to deliberately call the function when feeRecipient is set to address(0). This results in the burning of fees, as they are sent to an unrecoverable address.
Impact
Malicious actors can intentionally trigger withdrawFees() when feeRecipient is set to address(0), leading to the deliberate burning of accumulated fees.
Code Snippet
Tool used
Manual Review
Recommendation
To mitigate this vulnerability, implement a check in the withdrawFees() function to ensure that only a valid (non-zero) feeRecipient can receive fee. Additionally, enhance the updateFeeRecipient() function to disallow setting address(0) as the fee recipient, preventing intentional fee burning by malicious actors.