Malicious actor can DoS depositTokensToL2
The function depositTokensToL2 enforces a deposit limit that caps the amount of funds a user can deposit into the bridge, shown here
The problem is that it uses the contract balance to track this invariant. This opens the door for a malicious actor to make a donation to the vault contract so that the deposit limit is reached, causing a potential victim's harmless deposit to unexpectedly revert. See modified Foundry test below:
Users will not be able to deposit tokens to the bridge in some situations.
Foundry
Use a mapping to track the deposit limit of each user instead of using the contract balance.
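One way to implement the recommended mapping, as an added sketch that is not the audited project's code. The contract name, the limit value, the simplified `depositTokensToL2` signature, and the error and event names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: every name here except depositTokensToL2 is hypothetical.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract BridgeDepositAccounting {
    IERC20 public immutable token;
    address public immutable vault;

    // Assumed value; the page does not state the real limit.
    uint256 public constant DEPOSIT_LIMIT_PER_USER = 100_000 ether;

    // Amount each account has deposited through this function.
    // Tokens sent straight to the vault never change this mapping.
    mapping(address => uint256) public deposited;

    error DepositLimitReached(address user, uint256 attempted, uint256 limit);
    error TransferFailed();

    event Deposit(address indexed from, address indexed l2Recipient, uint256 amount);

    constructor(IERC20 token_, address vault_) {
        token = token_;
        vault = vault_;
    }

    function depositTokensToL2(address l2Recipient, uint256 amount) external {
        // Balance-based pattern described in the finding, inflatable by a donation:
        //   if (token.balanceOf(vault) + amount > LIMIT) revert ...;
        // Hardened form: the check reads only state this contract writes.
        uint256 newTotal = deposited[msg.sender] + amount;
        if (newTotal > DEPOSIT_LIMIT_PER_USER) {
            revert DepositLimitReached(msg.sender, newTotal, DEPOSIT_LIMIT_PER_USER);
        }
        // Update accounting before the external token call.
        deposited[msg.sender] = newTotal;

        if (!token.transferFrom(msg.sender, vault, amount)) revert TransferFailed();
        emit Deposit(msg.sender, l2Recipient, amount);
    }
}
```

A per-user mapping does not bound the vault's total holdings. If a global cap is also required, a running total updated only inside this function resists donations in the same way.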