Submission Details
Severity:
Receiver or spender address is not approved before transferring the tokens
Summary
The depositTokensToL2() function is used to deposit L1 token to the vault by the depositor in which the token is not approved to the receiver or spender before transfering to the receiver.
Vulnerability Details
function depositTokensToL2(address from, address l2Recipient, uint256 amount) external whenNotPaused {
if (token.balanceOf(address(vault)) + amount > DEPOSIT_LIMIT) {
revert L1BossBridge__DepositLimitReached();
}
@> token.safeTransferFrom(from, address(vault), amount);
// Our off-chain service picks up this event and mints the corresponding tokens on L2
emit Deposit(from, l2Recipient, amount);
}
In this function, the token that is deposited by the user is transferred from the user to the vault's address which is not approved by the depositor or user.
Impact
The transaction will possibly revert if we don't approve the spender before tranferring it to the spender.
Tools Used
Manual review
Recommendations
function depositTokensToL2(address from, address l2Recipient, uint256 amount) external whenNotPaused {
if (token.balanceOf(address(vault)) + amount > DEPOSIT_LIMIT) {
revert L1BossBridge__DepositLimitReached();
}
+ token.approve(address(vault), amount);
token.safeTransferFrom(from, address(vault), amount);
// Our off-chain service picks up this event and mints the corresponding tokens on L2
emit Deposit(from, l2Recipient, amount);
}
Rewards breakdown
nSLOC
99This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.