1.Chain support chain cannot be removed or cleared in bridge contracts.
Contracts provide a way to add support for a chain; however, they do not provide a way to delete it.
When a contract offers an addition method, it's important to consider whether it should also provide a deletion method
2.Contract use msg.sender as remote chain receiver when bridge token.
AA wallet like safe has different wallet address on different chains.
This vulnerability requires us to be familiar with some commonly used third-party tools in order to discover it
3.Two different transactions can result in the same txnHash value, thus breaking the approval process of transaction minting
txnHashToTransaction[txnHash] = Transaction(srcSender, amt);
Consider whether the keys in similar mappings are always unique?
4.Admin can’t burn tokens from blocklisted addresses because of a check in _beforeTokenTransfer
The burn operation prematurely calls the beforeTransfer function, but beforeTransfer needs to check if the address is blocked, which hinders the successful execution of the burn
origin
https://blog.coffiasd.cn/23-10-13.html
contact me for SC private review
Twitter:https://twitter.com/coffiasse
Github:https://github.com/coffiasd
TG:@coffiasd
Top comments (0)