Closed mehdi-defiesta closed 1 week ago
Thank you @mehdi-defiesta
I am thinking about simplifying the data structure of `bytes calldata _data` by eliminating redundant info about `from`, `to`, `amount`.
What do you think if we update like:
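```solidity
function onApprove(
    address _owner,
    address _to,
    uint256 _amount,
    bytes calldata _data
)
    external
    override
    returns (bool)
{
    // Only the native token contract may trigger this callback.
    require(msg.sender == address(nativeTokenAddress()), "only accept native token approve callback");
    // _data now carries only minGasLimit and message; owner, recipient and amount
    // come from the callback arguments.
    (uint32 minGasLimit, bytes calldata message) = unpackOnApproveData(_data);
    _sendNativeTokenMessage(_owner, _to, _amount, minGasLimit, message);
    return true;
}
```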
This one is safer and works as well :)
@mehdi-defiesta Could you check https://github.com/tokamak-network/tokamak-thanos/commit/8b4e841ce091b6bde8630e5a8c052189b2d0579a?
Sorry for the delay. The modification seems to mitigate the risk. Thank you @boohyung
Describe the bug

Even though the data seems to be appropriately unpacked in the `unpackOnApproveData` function, there is a lack of safety check on the `_to` address in the `onApprove` function (L1CrossDomainMessenger). Users could send native token to the wrong wallet if the encoded data is not appropriately set up.

Impact

User seeing their funds lost if the data is not encoded appropriately.

Severity: Low

Severity is low because the user encoding the wrong `_to` address would only blame himself.

Recommendation

Adding a parameter `_to` and a requirement to check if the data is correct:
Demo
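The consistency check this report recommends, written out as an added example that is not part of the original issue or the project's code. The contract name `ApproveCallbackSketch`, the `nativeToken` field, the event, and the packed layout of `_data` are assumptions made for illustration; the page does not show the project's actual encoding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Added illustration, not the project's code. All names and the packed layout
// of _data used here are assumptions.
contract ApproveCallbackSketch {
    address public immutable nativeToken; // stand-in for nativeTokenAddress()

    event NativeTokenMessage(address from, address to, uint256 amount, uint32 minGasLimit, bytes message);

    constructor(address _nativeToken) {
        nativeToken = _nativeToken;
    }

    // Assumed layout: from (20 bytes) | to (20) | amount (32) | minGasLimit (4) | message
    function unpackRedundant(bytes calldata _data)
        internal
        pure
        returns (address from, address to, uint256 amount, uint32 minGasLimit, bytes calldata message)
    {
        require(_data.length >= 76, "data too short");
        from = address(bytes20(_data[0:20]));
        to = address(bytes20(_data[20:40]));
        amount = uint256(bytes32(_data[40:72]));
        minGasLimit = uint32(bytes4(_data[72:76]));
        message = _data[76:];
    }

    function onApprove(address _owner, address _to, uint256 _amount, bytes calldata _data)
        external
        returns (bool)
    {
        require(msg.sender == nativeToken, "only accept native token approve callback");
        (address from, address to, uint256 amount, uint32 minGasLimit, bytes calldata message) =
            unpackRedundant(_data);
        // Values duplicated inside _data must agree with what the token contract
        // reports in the callback; otherwise funds could go to an unintended address.
        require(from == _owner, "encoded owner mismatch");
        require(to == _to, "encoded recipient mismatch");
        require(amount == _amount, "encoded amount mismatch");
        emit NativeTokenMessage(from, to, amount, minGasLimit, message);
        return true;
    }
}
```

Removing the duplicated fields from `_data`, as proposed in the comments on this issue, makes these `require` checks unnecessary because there is no second copy left to disagree with the callback arguments.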