If more than one signer signs the same withdrawal request, the withdrawal can be executed more than once, because nothing tracks whether a withdrawal has already been made for the amount deposited on the other chain.
When a user calls L1BossBridge::depositTokensToL2, tokens are minted on L2, and the Signer then signs to approve the withdrawal. But if more than one signer signs the same withdrawal request, the withdrawal can be performed more than once. Nothing tracks whether a particular bridge request has been fulfilled, so if a withdrawal request is signed by 2 signers, it can be withdrawn twice even though there was only a single deposit.
Medium. If more than one signer signs the same withdrawal request, the depositor can withdraw funds that many times.
Manual Review
Use a unique identifier, such as a counter that is generated for every deposit, and include it in both the event and the messageHash (the hash that is signed by the signer). The counter can then be used to track whether funds have already been withdrawn for a given transaction, so even if two signers sign the same transaction, the call with the second signature reverts because the withdrawal was already made.
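A minimal sketch of this recommendation, added here as an illustration and not taken from the project's code. Every name except depositTokensToL2 is hypothetical, token transfers are omitted, and the deposit and withdrawal sides are shown in one contract for brevity.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the project's code. All names except
// depositTokensToL2 are hypothetical; token transfers are omitted.
contract WithdrawalIdSketch {
    mapping(address => bool) public signers;   // approved bridge signers
    mapping(uint256 => bool) public withdrawn; // depositId => already paid out
    uint256 public nextDepositId;              // counter: one id per deposit

    event Deposit(uint256 indexed depositId, address from, address l2Recipient, uint256 amount);
    event Withdrawal(uint256 indexed depositId, address to, uint256 amount);
    error UnknownSigner();
    error AlreadyWithdrawn(uint256 depositId);

    constructor(address[] memory initialSigners) {
        for (uint256 i = 0; i < initialSigners.length; i++) signers[initialSigners[i]] = true;
    }

    function depositTokensToL2(address from, address l2Recipient, uint256 amount) external {
        uint256 depositId = nextDepositId++;
        emit Deposit(depositId, from, l2Recipient, amount); // id is visible to signers
    }

    function withdrawTokensToL1(
        uint256 depositId, address to, uint256 amount, uint8 v, bytes32 r, bytes32 s
    ) external {
        // The id is inside the signed hash (bound to this contract and chain),
        // so a signature cannot be reused for a different request.
        bytes32 payload = keccak256(abi.encode(block.chainid, address(this), depositId, to, amount));
        bytes32 digest = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", payload));
        address signer = ecrecover(digest, v, r, s);
        if (signer == address(0) || !signers[signer]) revert UnknownSigner();

        // Fulfilment is keyed by id, not by signature: a second signer's
        // valid signature over the same request reverts here.
        if (withdrawn[depositId]) revert AlreadyWithdrawn(depositId);
        withdrawn[depositId] = true;
        emit Withdrawal(depositId, to, amount);
    }
}
```

Because the fulfilled flag is keyed by the deposit id rather than by the signature, it makes no difference how many approved signers sign the same request: only the first withdrawal for that id succeeds.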