
Are there any bugs in the SynapseBridge.sol #297

@xuebingqing

Description

When we recently used a fuzz testing tool, we scanned the contract SynapseBridge.sol. We found some issues and wanted to confirm them with you.

```solidity
function redeemAndRemove(
    address to,
    uint256 chainId,
    ERC20Burnable token,
    uint256 amount,
    uint8 swapTokenIndex,
    uint256 swapMinAmount,
    uint256 swapDeadline
) external nonReentrant whenNotPaused {
    emit TokenRedeemAndRemove(to, chainId, token, amount, swapTokenIndex, swapMinAmount, swapDeadline);
    token.burnFrom(msg.sender, amount);
}
```

As you can see, token is used as an input and is controllable by the user. If a malicious input that implements the ERC20Burnable interface standard is passed in later, burnFrom is called without checking the token parameter. Are there any problems?
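For comparison with the snippet quoted in the issue, here is an added example (not code from the SynapseBridge repository, and not the maintainers' answer) of the same function with an operator-managed token allowlist in front of the external `burnFrom` call. The `IERC20Burnable` interface, the `supportedTokens` mapping, the `owner`/`paused` bookkeeping and the inline reentrancy guard are assumptions made for this example so it compiles on its own; a real deployment would normally take the guard and pause logic from OpenZeppelin.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not SynapseBridge code: redeemAndRemove with a token
// allowlist, so the bridge only ever calls burnFrom on contracts the
// operator registered rather than on any address a caller supplies.

// Assumed minimal interface; only burnFrom is needed here.
interface IERC20Burnable {
    function burnFrom(address account, uint256 amount) external;
}

contract AllowlistedBridge {
    address public owner;
    bool public paused;

    // Assumed allowlist: token address => may be redeemed through the bridge.
    mapping(address => bool) public supportedTokens;

    // Minimal reentrancy guard standing in for OpenZeppelin's ReentrancyGuard.
    uint256 private locked = 1;

    event TokenRedeemAndRemove(
        address indexed to,
        uint256 chainId,
        IERC20Burnable token,
        uint256 amount,
        uint8 swapTokenIndex,
        uint256 swapMinAmount,
        uint256 swapDeadline
    );
    event TokenAllowlisted(address indexed token, bool allowed);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    modifier whenNotPaused() {
        require(!paused, "paused");
        _;
    }

    modifier nonReentrant() {
        require(locked == 1, "reentrant call");
        locked = 2;
        _;
        locked = 1;
    }

    constructor() {
        owner = msg.sender;
    }

    // Operator registers (or removes) a bridgeable token; emits an event so
    // off-chain monitoring can track allowlist changes.
    function setSupportedToken(address token, bool allowed) external onlyOwner {
        require(token != address(0), "zero token");
        supportedTokens[token] = allowed;
        emit TokenAllowlisted(token, allowed);
    }

    function setPaused(bool p) external onlyOwner {
        paused = p;
    }

    function redeemAndRemove(
        address to,
        uint256 chainId,
        IERC20Burnable token,
        uint256 amount,
        uint8 swapTokenIndex,
        uint256 swapMinAmount,
        uint256 swapDeadline
    ) external nonReentrant whenNotPaused {
        // The check the issue asks about: reject any token the operator has
        // not registered before making the external call.
        require(supportedTokens[address(token)], "token not supported");
        require(to != address(0), "zero recipient");
        require(amount > 0, "zero amount");

        emit TokenRedeemAndRemove(to, chainId, token, amount, swapTokenIndex, swapMinAmount, swapDeadline);
        token.burnFrom(msg.sender, amount);
    }
}
```

The guard matters less for the on-chain state (the function writes nothing but the event) than for whatever consumes `TokenRedeemAndRemove` off-chain: a relayer that trusts the `token` field of the event should apply the same allowlist on its side, since an unregistered contract can emit a plausible-looking event by satisfying the interface without reverting.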
