Closed sherlock-admin closed 8 months ago
2 comment(s) were left on this issue during the judging contest.
tsvetanovv commented:
Admin is trusted
takarez commented:
invalid because {invalid: admin func}
kgothatso
medium
AvailBridge :: updateTokens
Can register non-allowed tokens
Summary
Vulnerability Detail
Some external interactions send tokens to the account, and the token address is not checked before being registered as collateral for the account.
Impact
Loss of funds to non-allowed tokens
Code Snippet
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L132
Tool used
Manual Review
Recommendation
Check if tokens are allowed