Albort - • If the value of deposits[_localToken][_remoteToken] is insufficient, it can result in an underflow, causing the transaction to revert. #83
Comments
sherlock-admin4
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Albort
High
• If the value of deposits[_localToken][_remoteToken] is insufficient, it can result in an underflow, causing the transaction to revert.
Summary
Vulnerability Detail
• If the value of deposits[_localToken][_remoteToken] is insufficient, it can result in an underflow, causing the transaction to revert.
• An attacker might attempt to call finalizeBridgeERC20 with repeated or forged messages, trying to deplete the balance from the deposits mapping.
Impact
Denial of Service Attack: An attacker could prevent legitimate bridging operations, leading to service unavailability.
• Locked Funds: If the deposits balance is incorrectly reduced, it could lead to funds being locked in the contract.
Code Snippet
https://github.com/sherlock-audit/2024-08-tokamak-network/blob/main/tokamak-thanos/packages/tokamak/contracts-bedrock/src/universal/StandardBridge.sol#L335
Tool used
Manual Review
Recommendation
The text was updated successfully, but these errors were encountered: