Published in Immunefi

Aurora Improper Input Sanitization Bugfix Review

Summary

Introduction: What is Aurora?

ERC20, NEP-141, and the Aurora Engine

```rust
pub struct NEP141FtOnTransferArgs {
    pub sender_id: AccountId,
    /// Balance can be for Eth on Near and for Eth to Aurora
    /// `ft_on_transfer` can be called with arbitrary NEP-141 tokens attached, therefore we do not specify a particular type Wei.
    pub amount: Balance,
    pub msg: String,
}
```
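```rust
// Look up the ERC-20 address for the NEP-141 `token` and convert it to a
// fixed-size array; each fallible step is unwrapped with `unwrap_res_or_finish!`.
let erc20_token = Address::from_array(unwrap_res_or_finish!(
    unwrap_res_or_finish!(
        get_erc20_from_nep141(&self.io, token),
        output_on_fail,
        self.io
    )
    .as_slice()
    .try_into(),
    output_on_fail,
    self.io
));
```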

Vulnerability Analysis

Vulnerability Fix

Acknowledgements
