You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
• If the value of deposits[_localToken][_remoteToken] is insufficient, it can result in an underflow, causing the transaction to revert.
Summary
Vulnerability Detail
• If the value of deposits[_localToken][_remoteToken] is insufficient, it can result in an underflow, causing the transaction to revert.
• An attacker might attempt to call finalizeBridgeERC20 with repeated or forged messages, trying to deplete the balance from the deposits mapping.
Impact
Denial of Service Attack: An attacker could prevent legitimate bridging operations, leading to service unavailability.
• Locked Funds: If the deposits balance is incorrectly reduced, it could lead to funds being locked in the contract.
The text was updated successfully, but these errors were encountered:
sherlock-admin4
changed the title
Lone Teal Jellyfish - • If the value of deposits[_localToken][_remoteToken] is insufficient, it can result in an underflow, causing the transaction to revert.
Albort - • If the value of deposits[_localToken][_remoteToken] is insufficient, it can result in an underflow, causing the transaction to revert.
Oct 12, 2024
Albort
High
• If the value of deposits[_localToken][_remoteToken] is insufficient, it can result in an underflow, causing the transaction to revert.
Summary
Vulnerability Detail
• If the value of deposits[_localToken][_remoteToken] is insufficient, it can result in an underflow, causing the transaction to revert.
• An attacker might attempt to call finalizeBridgeERC20 with repeated or forged messages, trying to deplete the balance from the deposits mapping.
Impact
Denial of Service Attack: An attacker could prevent legitimate bridging operations, leading to service unavailability.
• Locked Funds: If the deposits balance is incorrectly reduced, it could lead to funds being locked in the contract.
Code Snippet
https://github.com/sherlock-audit/2024-08-tokamak-network/blob/main/tokamak-thanos/packages/tokamak/contracts-bedrock/src/universal/StandardBridge.sol#L335
Tool used
Manual Review
Recommendation
The text was updated successfully, but these errors were encountered: