Zellic - Audit Reports

Function that handles receiving via StarGate.

srcChainId
- Control: Fully controlled by the caller. Currently not used.
- Constraints: None. Should check that it is a valid chain ID for the source chain.
- Impact: The source chain where the cross-chain transaction originated.
srcAddress
- Control: Fully controlled by the caller. Currently not used.
- Constraints: None. Should check that it corresponds to the WoocrossChainRouterV4 contract on the source chain.
- Impact: The address of the originating contract on the source chain.
nonce
- Control: Fully controlled by the caller. Currently not used.
- Constraints: None. Should be used to prevent replay attacks.
- Impact: The nonce of the transaction.
bridgedToken
- Control: Fully controlled by the caller.
- Constraints: None. Assumed to be a token that can be bridged.
- Impact: The token that was bridged.
amountLD
- Control: Fully controlled by the caller.
- Constraints: None. Assumed to be the amount of the bridged token. When called by StarGate, StarGate ensures that this amount the token has been transferred to the contract by StarGate as a result of the cross-chain call.
- Impact: The amount of the bridged token.
payload
- Control: Fully controlled by the caller.
- Constraints: None. Assumed to be the payload of the cross-chain transaction.
- Impact: The payload of the cross-chain transaction.

Intended branches

Ensure that srcChainId is a valid chain ID. Currently not enforced.
Test coverage
Ensure that srcAddress corresponds to the WoocrossChainRouterV4 contract on the source chain. Currently not enforced.
Test coverage
Ensure that nonce is used to prevent replay attacks. Currently not enforced.
Test coverage
If bridgedToken is SGETH, handle the native received.
Test coverage
If bridgedToken is not SGETH, handle the ERC-20 received.
Test coverage

Negative behavior

Should not allow anyone other than the StarGate router to call this function.
Negative test