Code4renaCODE423N4:2022-07-AXELAR-FINDINGS-ISSUES-193Functions that send Ether to arbitrary destinations
Lines of code
<https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/deposit-service/ReceiverImplementation.sol#L23>
<https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/deposit-service/ReceiverImplementation.sol#L44>
<https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/deposit-service/ReceiverImplementation.sol#L51>
<https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/deposit-service/ReceiverImplementation.sol#L63>
<https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/deposit-service/ReceiverImplementation.sol#L70>
<https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/deposit-service/ReceiverImplementation.sol#L71>
<https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/deposit-service/ReceiverImplementation.sol#L86>
Vulnerability details
M-1. Functions that send Ether to arbitrary destinations
Description
Unprotected call to a function that allow a user to refund to another address.
Mitigation
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Lines in the code
ReceiverImplementation.receiveAndSendToken
ReceiverImplementation.sol#L16
ReceiverImplementation.sol#L23
ReceiverImplementation.receiveAndSendNative
ReceiverImplementation.sol#L44
ReceiverImplementation.sol#L51
ReceiverImplementation.sol#L63
ReceiverImplementation.receiveAndUnwrapNative
ReceiverImplementation.sol#L70
ReceiverImplementation.sol#L71
ReceiverImplementation.sol#L86
The text was updated successfully, but these errors were encountered:
š 1 GalloDaSballo reacted with eyes emoji
All reactions
- š 1 reaction