0xBhumii - Lack of Validation for Recipient Address in InfernalRiftBelow

[sherlock-admin4]

0xBhumii

Medium

Lack of Validation for Recipient Address in InfernalRiftBelow

Summary

The thresholdCross function and its related internal functions (_thresholdCross721, _thresholdCross1155) fail to validate the recipient address. This can lead to tokens being sent to invalid addresses, resulting in a permanent loss of assets. Validation of the recipient address should be implemented to avoid this issue.

Vulnerability Detail

The contract allows for the transfer of ERC721 and ERC1155 tokens using the thresholdCross function, where the recipient address is passed as an argument. However, there is no check to ensure that the recipient address is valid or non-zero. If an invalid address is provided , tokens could be lost permanently, as they would be sent to a non-recoverable address. This is particularly risky in cross-chain transfers or bridging mechanisms.

Impact

Tokens can be transferred to invalid addresses, leading to a permanent loss of assets. Since the contract is designed to handle cross-chain transfers, losing tokens in such a manner could severely impact the security and functionality of the system.

Code Snippet

https://github.com/sherlock-audit/2024-08-flayer/blob/main/moongate/src/InfernalRiftBelow.sol#L234C1-L321C1

Tool used

Manual Review

Recommendation

Add validation to ensure that the recipient address is valid.