Category: Coding Mistakes
Invalid threshold can halt the protocol
Severity: Informational
Impact: Informational
Likelihood: N/A
Description
The argument _newThreshold for the function changeThreshold must be less than or equal to the number of validators.
    function changeThreshold(uint256 _newThreshold) external onlyOwner() {
        threshold = _newThreshold;
        emit ChangeThreshold(_newThreshold);
    }
Impact
If the owner accidentally sets threshold to a value that is too high, the functions that use the threshold variable will suffer a denial of service.
Recommendations
We recommend adding validation logic for _newThreshold.
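One way to enforce the bound stated in the description, as an added example (not the audited contract's code and not the fix in the referenced commit). The validator bookkeeping (validatorCount, isValidator, addValidator, removeValidator) and the InvalidThreshold error are assumed names; the example also guards validator removal, which goes beyond the single function shown in the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; not the audited contract and not the fix commit.
// Only threshold, changeThreshold and ChangeThreshold appear in the finding;
// every other name here is an assumption made for the example.
contract ThresholdGuardExample {
    address public immutable owner;
    uint256 public threshold;
    uint256 public validatorCount;
    mapping(address => bool) public isValidator;

    event ChangeThreshold(uint256 newThreshold);
    error InvalidThreshold(uint256 requested, uint256 validators);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() { owner = msg.sender; }

    function addValidator(address v) external onlyOwner {
        require(!isValidator[v], "already validator");
        isValidator[v] = true;
        validatorCount += 1;
    }

    // Removing a validator must not leave threshold above the new count,
    // otherwise the same stall is reachable without calling changeThreshold.
    function removeValidator(address v) external onlyOwner {
        require(isValidator[v], "not validator"); // implies validatorCount >= 1
        if (threshold > validatorCount - 1) {
            revert InvalidThreshold(threshold, validatorCount - 1);
        }
        isValidator[v] = false;
        validatorCount -= 1;
    }

    // Reject any threshold that the current validator set cannot reach.
    function changeThreshold(uint256 _newThreshold) external onlyOwner {
        if (_newThreshold > validatorCount) {
            revert InvalidThreshold(_newThreshold, validatorCount);
        }
        threshold = _newThreshold;
        emit ChangeThreshold(_newThreshold);
    }
}
```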
Remediation
This issue has been acknowledged by Sotatek, and a fix was implemented in commit 17162c1a.