be paranoid about the 'from' parameter.

Aderyn alerted of this: Passing an arbitrary `from` address to `transferFrom` (or `safeTransferFrom`) can lead to loss of funds, because anyone can transfer tokens from the `from` address if an approval is made. This is not a possibility since this parameter is in an internal library, and the only caller passes in msg.sender. But I can't predict how this code will evolve, so it may become a footgun down the line. Removing.
consensus-shipyard · Dec 18, 2023 · 60af071 · 60af071
1 parent 71eed55
commit 60af071
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/src/gateway/GatewayManagerFacet.sol b/src/gateway/GatewayManagerFacet.sol
@@ -181,7 +181,7 @@ contract GatewayManagerFacet is GatewayActorModifiers, ReentrancyGuard {
         supplySource.expect(SupplyKind.ERC20);
 
         // Lock the specified amount into custody.
-        supplySource.lock({from: msg.sender, value: amount});
+        supplySource.lock({value: amount});
 
         // Create the top-down message to mint the supply in the subnet.
         CrossMsg memory crossMsg = CrossMsgHelper.createFundMsg({

diff --git a/src/lib/SupplySourceHelper.sol b/src/lib/SupplySourceHelper.sol
@@ -44,11 +44,11 @@ library SupplySourceHelper {
         }
     }
 
-    /// @notice Locks the specified amount into custody.
-    function lock(SupplySource memory supplySource, address from, uint256 value) internal {
+    /// @notice Locks the specified amount sent by the msg.sender into custody.
+    function lock(SupplySource memory supplySource, uint256 value) internal {
         if (supplySource.kind == SupplyKind.ERC20) {
             IERC20 token = IERC20(supplySource.tokenAddress);
-            token.safeTransferFrom({from: from, to: address(this), value: value});
+            token.safeTransferFrom({from: msg.sender, to: address(this), value: value});
         }
         // Do nothing for native.
     }