Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Mina Token Bridge>Design>Component: User front end
GeneralOverview
Findings
High (1)
DiscussionLack of documentationInsufficient Test Coverage
DesignComponent: Admin front endComponent: User front endComponent: Multichain bridge backend
Audit ResultsAssessment Results

Component: User front end

Description

The user front end is responsible for handling the bridging operations. A user connects to the service with their MetaMask or Auro Wallet, after which they are able to deposit ETH or WETH to be bridged to the opposite chain.

Invariants

  • A user should not be able to bypass the daily quota.

Test coverage

Cases covered

  • No test coverage.

Cases not covered

  • No test coverage.

Attack surface

The attack surface itself is extremely limited, with the application only having two inputs and a button. As far as the UI goes, there are no real issues that could be exploited strictly on the client side. One issue was found regarding the client-side daily quota check; this can be trivially bypassed to make it possible to enter ETH values that are above the daily limit. A user is then able to deposit an amount that exceeds the daily quota (see Finding ref), which leads to that transaction being stuck as the backend does not handle this edge case sufficiently.

Zellic © 2025Back to top ↑