Fierce Coral Turkey
High
As per the MorphL2 README:
Any ERC20 that meets the standards can use Standards ERC20 Gateway and CustomERC20Gateway. For other tokens with specific requirements (USDC), we will provide corresponding gateways
In line with this, tokens like USDC have been assigned dedicated gateways, such as L1USDCGateway.sol and L2USDCGateway.sol. However, rebase tokens, which require special handling due to their fluctuating balances, do not have a dedicated gateway. Despite the README explicitly stating that custom gateways will be provided for non-standard ERC20 tokens, rebase tokens have been overlooked.
As a result, the following issue arises:
- If a user bridges a rebasing asset and a rebase occurs during the process, the balance reflected on the receiving chain will be incorrect. This will ultimately lead to loss of funds. This will happen, for example, inside depositERC20AndCall
Since loss of funds will occur we deem this to be of a high severity.
make sure to exclude rebase tokens OR handle them correctly by providing a corresponding gateway.