A potential front-running issue in the withdrawTokensToL1 function of the L1BossBridge smart contract.
The identified vulnerability resides in the withdrawTokensToL1 function of the L1BossBridge smart contract. This function, which handles the withdrawal of tokens from Layer 2 to Layer 1, accepts a signature, passed as the parameters (v, r, s), to authorize the transaction. Because pending Ethereum transactions are public, these signatures are visible in the mempool before the transaction is confirmed. An attacker can observe a signature there and use it in their own withdrawal transaction with a higher gas fee, front-running the original transaction. This enables unauthorized token withdrawals and threatens the integrity of the transaction process, potentially leading to asset loss for the rightful owners.
Assets at Risk
Manual analysis
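One way to make a signature copied from the mempool useless to the copier, shown as an added example (this is not the L1BossBridge source or code from this submission). The contract name, the single `signer`, the `nonce` parameter and the `consumed` mapping are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Added illustration only; every name here is hypothetical.
contract BoundWithdrawExample {
    IERC20 public immutable token;
    address public immutable signer;           // assumed: one authorised bridge signer
    mapping(bytes32 => bool) public consumed;  // digests that have already paid out

    constructor(IERC20 token_, address signer_) {
        token = token_;
        signer = signer_;
    }

    /// The signed digest commits to the chain, this contract, the recipient,
    /// the amount and a per-withdrawal nonce, so (v, r, s) is valid only for
    /// exactly this payout.
    function withdrawDigest(address to, uint256 amount, uint256 nonce)
        public view returns (bytes32)
    {
        bytes32 inner = keccak256(
            abi.encode(block.chainid, address(this), to, amount, nonce)
        );
        return keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", inner)
        );
    }

    function withdraw(
        address to, uint256 amount, uint256 nonce,
        uint8 v, bytes32 r, bytes32 s
    ) external {
        bytes32 digest = withdrawDigest(to, amount, nonce);
        // A second submission of the same authorization reverts here.
        require(!consumed[digest], "authorization already used");
        address recovered = ecrecover(digest, v, r, s);
        // ecrecover returns address(0) on malformed input; reject it explicitly.
        require(recovered != address(0) && recovered == signer, "bad signature");
        consumed[digest] = true;               // state change before external call
        require(token.transfer(to, amount), "transfer failed");
    }
}
```

With this binding, a transaction that reuses an observed (v, r, s) must also reuse the same `to`, `amount` and `nonce`, so it can only deliver the tokens to the intended recipient, and only once.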