sherlock-admin
commented
8 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { invalid: admin set who the recipient would be}
Closed sherlock-admin closed 8 months ago
sherlock-admin
commented
8 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { invalid: admin set who the recipient would be}
kgothatso
high
AvailBridge :: sendERC20can revert transaction if receive address is a contract and cause a DOS attackSummary
if
sendERC20sends eth to a contract address that does not accept eth the transaction will not sends the funds to to therecipientaddressVulnerability Detail
contract may not have a fallback function
recipientand will revertImpact
transaction will not send funds to
Code Snippet
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L383
Tool used
Manual Review
Recommendation
check if transaction failed before emit an event and use the funds as deposits from the same
recipient