Lack of Validation for Recipient Address in InfernalRiftBelow
Summary
The thresholdCross function and its related internal functions (_thresholdCross721, _thresholdCross1155) fail to validate the recipient address. This can lead to tokens being sent to invalid addresses, resulting in a permanent loss of assets. Validation of the recipient address should be implemented to avoid this issue.
Vulnerability Detail
The contract allows for the transfer of ERC721 and ERC1155 tokens using the thresholdCross function, where the recipient address is passed as an argument. However, there is no check to ensure that the recipient address is valid or non-zero. If an invalid address is provided , tokens could be lost permanently, as they would be sent to a non-recoverable address. This is particularly risky in cross-chain transfers or bridging mechanisms.
Impact
Tokens can be transferred to invalid addresses, leading to a permanent loss of assets. Since the contract is designed to handle cross-chain transfers, losing tokens in such a manner could severely impact the security and functionality of the system.
Blunt Daffodil Iguana
Medium
Lack of Validation for Recipient Address in
InfernalRiftBelowSummary
The
thresholdCrossfunction and its related internal functions(_thresholdCross721, _thresholdCross1155)fail to validate therecipient address. This can lead to tokens being sent to invalid addresses, resulting in a permanent loss of assets. Validation of the recipient address should be implemented to avoid this issue.Vulnerability Detail
The contract allows for the transfer of
ERC721andERC1155tokens using thethresholdCrossfunction, where the recipient address is passed as an argument. However, there is no check to ensure that the recipient address is valid or non-zero. If an invalid address is provided , tokens could be lost permanently, as they would be sent to a non-recoverable address. This is particularly risky in cross-chain transfers or bridging mechanisms.Impact
Tokens can be transferred to invalid addresses, leading to a permanent loss of assets. Since the contract is designed to handle cross-chain transfers, losing tokens in such a manner could severely impact the security and functionality of the system.
Code Snippet
https://github.com/sherlock-audit/2024-08-flayer/blob/main/moongate/src/InfernalRiftBelow.sol#L234C1-L321C1
Tool used
Manual Review
Recommendation
Add validation to ensure that the recipient address is valid.