You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As you can see, token is used as input and is controllable by the user. If there is malicious input later and implement the ERC20Burnable interface standard, it calls burnFrom without checking the token parameter. Are there any problems?
The text was updated successfully, but these errors were encountered:
Description
When we recently used the fuzz testing tool, we scanned the contract SynapseBridge.sol. We found some issues and wanted to confirm with you.
function redeemAndRemove( address to, uint256 chainId, ERC20Burnable token, uint256 amount, uint8 swapTokenIndex, uint256 swapMinAmount, uint256 swapDeadline ) external nonReentrant whenNotPaused { emit TokenRedeemAndRemove(to, chainId, token, amount, swapTokenIndex, swapMinAmount, swapDeadline); token.burnFrom(msg.sender, amount); }As you can see, token is used as input and is controllable by the user. If there is malicious input later and implement the ERC20Burnable interface standard, it calls burnFrom without checking the token parameter. Are there any problems?
The text was updated successfully, but these errors were encountered: