Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Trillion EVM cross chain contract>Informational findings>Fee lacks upper bound restrictions
GeneralOverview
Findings
Low (1)
Informational (3)Fee lacks upper bound restrictionsLack of verification on burn tokensUnused functionality should be removed
Threat ModelWhat are threat models?NonceManager.solTokenBurner.solTokenMessenger.sol
Audit ResultsAssessment Results
Category: Coding Mistakes

Fee lacks upper bound restrictions

Informational Severity
Informational Impact
N/A Likelihood

Description

Fee's in the token bridge contract accrue through native token transfers. An admin set fee minimum is required to transact with the bridge. Although the fee cannot be zero, it can be set arbitrarily high in the setFee() function.

Impact

Informational issue as this requires a malicious admin and would simply stop transfers from happening. This same threat exists off-chain if the protocol administrators wanted to prevent transfers from happening.

Recommendations

We recommend adding an upper bound to the fee.

Remediation

Zellic © 2025Back to top ↑