Closed sherlock-admin2 closed 5 months ago
Invalid; nothing has to be done on the else
branch as the tokens are transferred to the user by lzSend
1 comment(s) were left on this issue during the judging contest.
WangAudit commented:
seems like design decision; cause function's comments say the function is used to Unwrap and sends underlying to
receiver
.
duc
high
Handling the case where
msg_.unwrap
== false is missed in theTOFTGenericReceiverModule.receiveWithParamsReceiver
functionSummary
See Vulnerability Detail
Vulnerability Detail
TOFTGenericReceiverModule.receiveWithParamsReceiver
function is used to transfer received tokens tomsg_.receiver
. However, this function only attempts to transfer tokens in the case wheremsg_.unwrap
is true. Ifmsg_.unwrap
is false, it doesn't do anything.Impact
Loss of funds for user when using this functionality of TOFT.
Code Snippet
https://github.com/sherlock-audit/2024-02-tapioca/blob/main/TapiocaZ/contracts/tOFT/modules/TOFTGenericReceiverModule.sol#L47-L67
Tool used
Manual Review
Recommendation
Should also consider the case where
msg_.unwrap
is falseDuplicate of #138