Submission Details
Severity: medium
Invalid

Centralized risk of Ownership

Summary

The smart contract exhibits a significant risk due to its centralized ownership model. A Proof of Concept (PoC) demonstrates how the compromise of the owner's private key can lead to complete control of the contract by an attacker. This vulnerability can have severe implications, including the unauthorized pausing of the bridge and alteration of critical contract parameters.

Vulnerability Details

The contract is vulnerable to owner key compromise because it does not use a multi-sig wallet. If the owner's private key is obtained by an attacker, they gain full control over the contract's functions, because many of those functions are under the owner's control.

POC

Add this test to L1TokenBridge.t.sol:

    function testRiskWithCompromisedOwnerKey() public {
        // Step 1: Verify the current owner
        address currentOwner = tokenBridge.owner();
        assertEq(currentOwner, deployer, "Deployer should be the initial owner");
        address attacker = makeAddr("attacker");

        // Step 2: Simulate ownership compromise
        // Transfer ownership to the attacker (simulate a compromised key scenario)
        vm.prank(currentOwner);
        tokenBridge.transferOwnership(attacker);
        // Verify that the attacker is now the owner
        assertEq(tokenBridge.owner(), attacker, "Attacker should be the new owner");

        // Step 3: Attacker actions as the new owner
        vm.startPrank(attacker);
        // Example action: Pausing the bridge
        tokenBridge.pause();
        assertTrue(tokenBridge.paused(), "Bridge should be paused by the attacker");
        // Additional malicious action: Adding a fake signer
        address fakeSigner = makeAddr("fakeSigner");
        tokenBridge.setSigner(fakeSigner, true);
        assertTrue(tokenBridge.signers(fakeSigner), "Fake signer should be added by the attacker");
        vm.stopPrank();

        // Step 4: Check the impact on normal users
        vm.startPrank(user);
        uint256 depositAmount = 10e18;
        token.approve(address(tokenBridge), depositAmount);
        // Expect that the deposit will fail because the bridge is paused
        vm.expectRevert(Pausable.EnforcedPause.selector);
        tokenBridge.depositTokensToL2(user, userInL2, depositAmount);
        vm.stopPrank();
    }

The test above simulates a successful private key compromise of the owner.

Impact

Total Control by Attacker: An attacker with the owner's key can unilaterally make critical decisions, including pausing the bridge or changing signer permissions.
Disruption of Service: Users may experience disruption in services, such as deposit and withdrawal functions, leading to potential financial losses and loss of trust.
Manipulation of Contract Parameters: The attacker can manipulate signers, potentially leading to broader security breaches within the system.

Tools Used

  • Manual Review

  • Foundry

Recommendations

Enhance Ownership Model:
Implement a multi-signature mechanism for critical functions, requiring multiple parties to agree on significant changes.
Introduce time locks for sensitive actions, allowing users to react in case of suspicious activities.
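
The recommendation above, sketched as a Foundry test (an added example, not part of the original submission or the project's code). It assumes OpenZeppelin v5 is available under the usual `@openzeppelin/contracts` remapping, that `setSigner` is owner-only, and it reuses the `tokenBridge` and `deployer` fixtures from the PoC; `multisig`, `newSigner` and the 2-day delay are constructed placeholders.

```solidity
// Goes at the top of L1TokenBridge.t.sol (assumed remapping):
import { TimelockController } from "@openzeppelin/contracts/governance/TimelockController.sol";

// Goes inside the existing test contract:
function testOwnerActionsGoThroughTimelock() public {
    address multisig = makeAddr("multisig");   // placeholder for a multi-sig wallet
    address newSigner = makeAddr("newSigner"); // constructed sample signer
    uint256 delay = 2 days;                    // constructed sample delay

    address[] memory proposers = new address[](1);
    proposers[0] = multisig;
    address[] memory executors = new address[](1);
    executors[0] = multisig;
    // admin = address(0): role changes must themselves pass through the timelock
    TimelockController timelock =
        new TimelockController(delay, proposers, executors, address(0));

    // Hand ownership of the bridge to the timelock
    vm.prank(deployer);
    tokenBridge.transferOwnership(address(timelock));
    assertEq(tokenBridge.owner(), address(timelock));

    // The former owner key alone can no longer change signers
    vm.prank(deployer);
    vm.expectRevert();
    tokenBridge.setSigner(newSigner, true);

    bytes memory data =
        abi.encodeWithSignature("setSigner(address,bool)", newSigner, true);

    vm.startPrank(multisig);
    // Scheduling makes the pending change visible on-chain before it takes effect
    timelock.schedule(address(tokenBridge), 0, data, bytes32(0), bytes32(0), delay);

    // Executing before the delay has elapsed must revert
    vm.expectRevert();
    timelock.execute(address(tokenBridge), 0, data, bytes32(0), bytes32(0));
    assertFalse(tokenBridge.signers(newSigner));

    // After the delay the same call succeeds
    vm.warp(block.timestamp + delay);
    timelock.execute(address(tokenBridge), 0, data, bytes32(0), bytes32(0));
    vm.stopPrank();

    assertTrue(tokenBridge.signers(newSigner));
}
```

With this setup every owner-only call, including `pause()`, is subject to the same delay, so a design that needs an immediate emergency pause has to provide a separate path for it.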

Updates

Lead Judging Commences

0xnevi Lead Judge, about 2 years ago

0xnevi Lead Judge, almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Known issue
