sherlock-audit / 2023-12-avail-judging


kgothatso - `AvailBridge :: updateTokens` can register non-allowed tokens #79

Closed sherlock-admin closed 8 months ago

sherlock-admin commented 8 months ago

kgothatso

medium

`AvailBridge :: updateTokens` can register non-allowed tokens

Summary

Vulnerability Detail

Some external interactions send tokens to the account, and the token address is not checked before being registered as collateral for the account.

Impact

Loss of funds to non-allowed tokens

Code Snippet

https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L132

Tool used

Manual Review

Recommendation

Check if tokens are allowed

sherlock-admin commented 8 months ago

2 comment(s) were left on this issue during the judging contest.

tsvetanovv commented:

Admin is trusted

takarez commented:

invalid because {invalid: admin func}