- Fund Loss: ~$1.44M
The `listToken` function performs no verification when the base token and the corresponding token are the same, so any caller can bypass its checks and arbitrarily claim ownership of the token.
- Contract Etherscan Link: https://etherscan.io/address/0x354cca2f55dde182d36fe34d673430e226a3cb8c#code
- Contract Github Link: https://github.com/eliQAQ/IntelliBridge-Auditor/blob/b9cfd49a537b7de18bbcbc2ed562e7008914038c/rag/dataset/XBridge20240424/contracts/XBridge4.sol#L4
- N/A