fix: add input validation for recipient and chain ID in Bridge transfer functions #4539
+16
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…er functions Add validation checks to prevent transfers to zero address and invalid chain IDs. This implements defense-in-depth by validating user inputs at the contract level. Changes: - Add require(recipient != bytes32(0)) to all transfer functions - Add require(recipientChain != 0) to all transfer functions - Applies to: transferTokens, wrapAndTransferETH, transferTokensWithPayload, wrapAndTransferETHWithPayload Prevents permanent fund loss from user error when accidentally providing zero address or invalid chain ID.
evan-gray
reviewed
Oct 18, 2025
There was a problem hiding this comment.
Why is there a new gitmodules here?
| uint256 arbiterFee, | ||
| uint32 nonce | ||
| ) public payable returns (uint64 sequence) { | ||
| require(recipient != bytes32(0), "invalid recipient"); |
There was a problem hiding this comment.
It is not prohibited in the spec for an EVM chain or another platform’s token bridge implementation to use the zero address as a valid recipient
| uint32 nonce | ||
| ) public payable returns (uint64 sequence) { | ||
| require(recipient != bytes32(0), "invalid recipient"); | ||
| require(recipientChain != 0, "invalid chain"); |
There was a problem hiding this comment.
Similarly, there may be some reason to allow for a chain id 0 transfer and it is not prohibited in the spec
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Add validation checks to prevent transfers to zero address and invalid chain IDs in Token Bridge functions.
Problem
Currently, the Bridge contract accepts
bytes32(0)as recipient address and0as chain ID without validation. This allows users to accidentally send funds to unrecoverable destinations through:Solution
Implement defense-in-depth by adding input validation at the smart contract level:
require(recipient != bytes32(0), "invalid recipient")require(recipientChain != 0, "invalid chain")Changes
transferTokens()- add recipient and chain validationwrapAndTransferETH()- add recipient and chain validationtransferTokensWithPayload()- add recipient and chain validationwrapAndTransferETHWithPayload()- add recipient and chain validationTesting
All existing tests pass:
Impact
Related
This fix addresses a lack of defense-in-depth issue identified through security research.