A critical security vulnerability has been identified in the depositTokensToL2 function of the L1BossBridge smart contract. This function currently allows any user to initiate a token deposit on behalf of any other address without requiring proper authorization. This flaw can be exploited by malicious actors to transfer tokens from any address to their own account on Layer 2 (L2), potentially leading to unauthorized token transfers and financial loss for affected users.
The function lacks the checks needed to confirm that the caller (msg.sender) has the authority to move tokens from the address passed as from. This oversight allows an attacker to use the depositTokensToL2 function to deposit tokens from any user's address into an L2 address of their choice, without the token owner's consent.
Unauthorized Token Transfers: This vulnerability allows attackers to redirect token deposits to their own L2 addresses, effectively stealing tokens from other users.
Loss of User Trust: Such vulnerabilities can significantly undermine the credibility and security perception of the token bridge, causing potential long-term damage to user trust.
Financial Risks: Users are at risk of financial losses due to unauthorized token movements.
Tools used: Manual Review, Foundry
To mitigate this vulnerability, the depositTokensToL2 function should be modified to include a check ensuring that the caller is authorized to use tokens held by the from address. This can be implemented as follows:
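A sketch of such a check, added here as an example and not taken from the L1BossBridge source or the original submission, shows the unchecked form the finding describes beside a version that requires from to equal msg.sender. Only depositTokensToL2, msg.sender and the from address come from the finding; the contract name, the parameter list, vault, the Deposit event, the error name and the OpenZeppelin imports are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Simplified sketch, not the audited contract. Hypothetical names:
// BridgeDepositSketch, vault, Deposit, Bridge__UnauthorizedFrom, and the
// (from, l2Recipient, amount) parameter list.
contract BridgeDepositSketch {
    using SafeERC20 for IERC20;

    IERC20 public immutable token;
    address public immutable vault;

    event Deposit(address from, address to, uint256 amount);

    error Bridge__UnauthorizedFrom(address caller, address from);

    constructor(IERC20 _token, address _vault) {
        token = _token;
        vault = _vault;
    }

    // BEFORE (behaviour described in the finding): `from` is chosen by the
    // caller and never compared with msg.sender. The transfer succeeds for
    // any `from` that has granted this contract an ERC-20 allowance, and the
    // caller also picks the L2 recipient recorded in the event.
    function depositTokensToL2Unchecked(address from, address l2Recipient, uint256 amount) external {
        token.safeTransferFrom(from, vault, amount);
        emit Deposit(from, l2Recipient, amount);
    }

    // AFTER: only the owner of the tokens may start a deposit of them.
    function depositTokensToL2(address from, address l2Recipient, uint256 amount) external {
        if (from != msg.sender) {
            revert Bridge__UnauthorizedFrom(msg.sender, from);
        }
        token.safeTransferFrom(from, vault, amount);
        emit Deposit(from, l2Recipient, amount);
    }
}
```

A Foundry test for the fixed function would approve the bridge from one account, call depositTokensToL2 from a second account with the first as from, and expect the revert.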