This project shows blockchain smart contract bridge vulnerabilities.
It currently shows some vulnerabilities from SCSVS v2:
Warning
The smart contracts used in the project are not audited and are vulnerable. Not to use in the production.
- The contract uses the EIP-712 standard.
- Integrates an external signal processor.
- Allows burning tokens on the source chain and minting the same amount on the destination chain.
- Allows transferring tokens on the destination chain to a new address on the destination chain itself.
- Does not use the EIP-712 standard.
- Allows burning tokens on the source chain and minting the same amount on the destination chain.
- Allows transferring tokens on the destination chain to a new address on the destination chain itself.
- Demonstrates message replay, signature replay, and cross-chain signature replay attacks.
- The contract uses the EIP-712 standard.
- Allows burning tokens on the source chain and minting the same amount on the destination chain.
- Allows transferring tokens on the destination chain to a new address on the destination chain itself.
- Demonstrates chain ID spoofing in the bridge implementation.
- Does not use the EIP-712 standard.
- Allows burning tokens on the source chain and minting the same amount on the destination chain.
- Allows transferring tokens on the destination chain to a new address on the destination chain itself.
- Demonstrates hash collision.
ToDo: Add explanation for every test/vulnerabilities.
$ forge build$ forge test # run all tests.$ forge test --mc <test_contract_name> # run specific test file.