Petite Spruce Mammoth - Lack of validation for `bridgeAddress` and `amount` in `transferToBridge` will potentially lead to loss of funds and DoS attacks by spamming transactions in `BridgeFacet.sol` #70
Summary
Lack of validation for `bridgeAddress` and `amount` in `transferToBridge` in `BridgeFacet.sol` will potentially lead to loss of funds and DoS attacks by spamming transactions.
Petite Spruce Mammoth
Low/Info
Root Cause
https://github.com/sherlock-audit/2024-09-symmio-v0-8-4-update-contest/blob/main/protocol-core/contracts/facets/Bridge/BridgeFacet.sol#L16-L19
The function does not check if `bridgeAddress` is a valid address (e.g., non-zero address). If an attacker or user accidentally sends funds to address `0x0`, they could lose the funds irreversibly. If `amount == 0`, it could result in a meaningless or malicious transaction. Zero-value transfers may clutter the blockchain and potentially open doors for Denial of Service (DoS) attacks by spamming transactions.
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
PoC
No response
Mitigation
Add input validation to check that `bridgeAddress` is not `0x0` and that `amount` is greater than zero.
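One way to apply this mitigation, shown as an added example that is not taken from the report or from the Symmio code base. The contract name, the `balances` ledger, the `credit` helper, the custom errors and the record layout are all hypothetical; only the function name `transferToBridge` and its two parameters come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Illustrative sketch only: storage layout, names and bookkeeping are
// assumptions, not the Symmio BridgeFacet implementation.
contract BridgeValidationSketch {
    error ZeroBridgeAddress();
    error ZeroAmount();
    error InsufficientBalance(uint256 available, uint256 requested);

    struct BridgeTransaction {
        address user;
        address bridge;
        uint256 amount;
        uint256 timestamp;
    }

    mapping(address => uint256) public balances; // hypothetical user ledger
    mapping(uint256 => BridgeTransaction) public bridgeTransactions;
    uint256 public lastId;

    event TransferToBridge(address indexed user, uint256 amount, address indexed bridgeAddress, uint256 transactionId);

    // Helper so the sketch can be exercised without a token (assumption).
    function credit(address user, uint256 amount) external {
        balances[user] += amount;
    }

    function transferToBridge(uint256 amount, address bridgeAddress) external {
        // Checks first: reject before any state is written, so a rejected
        // call leaves no record and emits no event.
        if (bridgeAddress == address(0)) revert ZeroBridgeAddress();
        if (amount == 0) revert ZeroAmount();

        uint256 available = balances[msg.sender];
        if (available < amount) revert InsufficientBalance(available, amount);

        // Effects: debit the caller and record the pending bridge transfer.
        balances[msg.sender] = available - amount;
        uint256 id = ++lastId;
        bridgeTransactions[id] = BridgeTransaction(msg.sender, bridgeAddress, amount, block.timestamp);

        emit TransferToBridge(msg.sender, amount, bridgeAddress, id);
    }
}
```

Placing both checks ahead of any storage write means a rejected call cannot increment `lastId` or create an empty transaction record.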