sujithsomraaj / lifi-across-v3-audit

1 day review [26 Jun 2024 - 27 Jun 2024]

Remove `payable` keyword in ERC20 bridging functions of `AcrossFacetPackedV3` #13

Open sujithsomraaj opened 5 months ago

sujithsomraaj commented 5 months ago

Context: AcrossFacetPackedV3.sol#L135, AcrossFacetPackedV3.sol#L176

Description: The functions `startBridgeTokensViaAcrossV3ERC20Min` and `startBridgeTokensViaAcrossV3ERC20Packed` are used to bridge ERC20 tokens using the Across bridge.

These two functions are marked as `payable`, which will reduce gas overhead slightly. However, it will introduce a new issue: excess native tokens sent along with these function calls are locked in the contract, which could be abused/used by other facets where there are no native token checks.

Recommendation: Consider removing the payable keyword.

LI.FI: Fixed in ddc45f13a2007025fb62f8983d417b9a1ed233d4

Researcher: Validated fix. Looks all good.
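The finding above, modelled as an added example that is not part of the original issue or the LI.FI code base: an ERC20-only entry point with and without `payable`, plus the `msg.value` check a native-token facet sharing the same balance needs. All contract, function and error names here are hypothetical, and the hand-off to the bridge is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Constructed model: facets of a diamond run via delegatecall, so they all
// share one address and therefore one native-token balance.

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// BEFORE: ERC20-only entry point marked payable. Native tokens sent by mistake
// are accepted and stay in the shared balance; nothing accounts for them.
contract Erc20BridgeFacetBefore {
    function bridgeErc20(IERC20 token, uint256 amount) external payable {
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        // ... hand `amount` of `token` to the bridge (omitted in this model) ...
    }
}

// AFTER: without `payable` the compiler emits a callvalue check, so a call
// that carries native tokens reverts and the sender keeps the funds.
contract Erc20BridgeFacetAfter {
    function bridgeErc20(IERC20 token, uint256 amount) external {
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        // ... hand `amount` of `token` to the bridge (omitted in this model) ...
    }
}

// A native-token facet in the same diamond. Without the msg.value check it
// would pay `amount` out of the shared balance, including value stranded by
// the payable ERC20 path; with the check every call must fund itself.
contract NativeBridgeFacetChecked {
    error InvalidNativeAmount(uint256 sent, uint256 expected);

    function bridgeNative(address payable bridge, uint256 amount) external payable {
        if (msg.value != amount) revert InvalidNativeAmount(msg.value, amount);
        (bool ok, ) = bridge.call{value: amount}("");
        require(ok, "native transfer failed");
    }
}
```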

0xDEnYO commented 5 months ago

Thanks. Removed

0xDEnYO commented 3 months ago

fixed in ddc45f13a2007025fb62f8983d417b9a1ed233d4

0xDEnYO commented 3 months ago

https://github.com/lifinance/contracts/pull/687/commits/ddc45f13a2007025fb62f8983d417b9a1ed233d4