Category: Coding Mistakes
Fee lacks upper bound restrictions
Informational Severity
Informational Impact
N/A Likelihood
Description
Fee's in the token bridge contract accrue through native token transfers. An admin set fee minimum is required to transact with the bridge. Although the fee cannot be zero, it can be set arbitrarily high in the setFee()
function.
Impact
Informational issue as this requires a malicious admin and would simply stop transfers from happening. This same threat exists off-chain if the protocol administrators wanted to prevent transfers from happening.
Recommendations
We recommend adding an upper bound to the fee.