taikoxyz · dantaik · May 25, 2024 · May 25, 2024
diff --git a/packages/protocol/contracts/tokenvault/ERC20Vault.sol b/packages/protocol/contracts/tokenvault/ERC20Vault.sol
@@ -4,6 +4,7 @@ pragma solidity 0.8.24;
 import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
 import "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
 import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
+import "@openzeppelin/contracts/utils/Address.sol";
 import "../bridge/IQuotaManager.sol";
 import "../common/LibStrings.sol";
 import "../libs/LibAddress.sol";
@@ -17,6 +18,7 @@ import "./BaseVault.sol";
 /// @dev Labeled in AddressResolver as "erc20_vault".
 /// @custom:security-contact [email protected]
 contract ERC20Vault is BaseVault {
+    using Address for address;
     using LibAddress for address;
     using SafeERC20 for IERC20;
 
@@ -143,6 +145,7 @@ contract ERC20Vault is BaseVault {
     error VAULT_CTOKEN_MISMATCH();
     error VAULT_INVALID_TOKEN();
     error VAULT_INVALID_AMOUNT();
+    error VAULT_INVALID_CTOKEN();
     error VAULT_INVALID_NEW_BTOKEN();
     error VAULT_LAST_MIGRATION_TOO_CLOSE();
 
@@ -166,10 +169,17 @@ contract ERC20Vault is BaseVault {
         nonReentrant
         returns (address btokenOld_)
     {
-        if (_btokenNew == address(0) || bridgedToCanonical[_btokenNew].addr != address(0)) {
+        if (
+            _btokenNew == address(0) || bridgedToCanonical[_btokenNew].addr != address(0)
+                || !_btokenNew.isContract()
+        ) {
             revert VAULT_INVALID_NEW_BTOKEN();
         }
 
+        if (_ctoken.addr == address(0) || _ctoken.chainId == block.chainid) {
+            revert VAULT_INVALID_CTOKEN();
+        }
+
         if (btokenBlacklist[_btokenNew]) revert VAULT_BTOKEN_BLACKLISTED();
 
         uint256 _lastMigrationStart = lastMigrationStart[_ctoken.chainId][_ctoken.addr];

diff --git a/packages/protocol/test/tokenvault/ERC20Vault.t.sol b/packages/protocol/test/tokenvault/ERC20Vault.t.sol
@@ -607,6 +607,19 @@ contract TestERC20Vault is TaikoTest {
             address(usdc)
         );
 
+        // invalid btoken
+        vm.expectRevert(ERC20Vault.VAULT_INVALID_CTOKEN.selector);
+        erc20Vault.changeBridgedToken(
+            ERC20Vault.CanonicalERC20({
+                chainId: uint64(block.chainid),
+                addr: address(erc20),
+                decimals: 18,
+                symbol: "ERC20TT",
+                name: "ERC20 Test token"
+            }),
+            address(usdc)
+        );
+
         // We cannot use stETH for erc20 (as it is used in connection with another token)
         vm.expectRevert(ERC20Vault.VAULT_INVALID_NEW_BTOKEN.selector);
         erc20Vault.changeBridgedToken(