Submission Details
Severity: high
Valid

Possible Discrepancy with Direct Token Transfers to `Vault` contract

Summary

This issue concerns a discrepancy that can arise when users send tokens directly to the vault instead of going through the depositTokensToL2 function in the L1BossBridge.sol contract.

Vulnerability Details

During manual review, supported by the 4nalizer and Slither tools, it was observed that sending tokens directly to the vault, bypassing the depositTokensToL2 function in L1BossBridge.sol, leads to a mismatch between the amounts users have bridged to other networks and the funds actually present in the vault. Because the deposit limit check reads token.balanceOf(address(vault)), tokens that arrive outside depositTokensToL2 also consume the limit.

Here's the relevant context from the code:

    // Example function in L1BossBridge.sol
    function depositTokensToL2(address from, address l2Recipient, uint256 amount) external whenNotPaused {
        // The limit check reads the vault's raw token balance, which also counts direct transfers
        if (token.balanceOf(address(vault)) + amount > DEPOSIT_LIMIT) {
            revert L1BossBridge__DepositLimitReached();
        }
        token.safeTransferFrom(from, address(vault), amount);
        // Off-chain service picks up this event and mints corresponding tokens on L2
        emit Deposit(from, l2Recipient, amount);
    }

Impact

The impact of this issue is considered low as it does not directly jeopardize the funds. However, it may result in a mismatch between the amount of bridged funds and the actual funds held in the vault.

Tools Used

  • Manual Review
  • 4nalizer
  • Slither

Recommendations

To address this issue, it is recommended to introduce a state variable in the L1BossBridge.sol contract that tracks the balance deposited through the depositTokensToL2 function, and to use that variable instead of the vault's raw token balance in the limit validation. Additionally, making the deposit limit configurable rather than a constant would add flexibility for varying use cases. Together, these changes give a clearer and more accurate picture of the funds bridged through the designated function.
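The following sketch illustrates the recommended fix; it is an added example written for this report, not the project's code. The names totalDeposited, depositLimit, setDepositLimit and L1BossBridge__InvalidLimit are assumptions, and the OpenZeppelin v5 import paths and Ownable(msg.sender) constructor are assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
import { Pausable } from "@openzeppelin/contracts/utils/Pausable.sol";

// Illustrative sketch (not the project's code): the limit check reads a counter the
// bridge maintains itself instead of token.balanceOf(vault), so tokens pushed straight
// into the vault no longer consume the deposit limit.
contract L1BossBridgeFixed is Ownable, Pausable {
    using SafeERC20 for IERC20;

    error L1BossBridge__DepositLimitReached();
    error L1BossBridge__InvalidLimit(); // hypothetical name

    event Deposit(address from, address to, uint256 amount);
    event DepositLimitUpdated(uint256 oldLimit, uint256 newLimit);

    IERC20 public immutable token;
    address public immutable vault;

    // Hypothetical names: amount bridged via depositTokensToL2 only, and a
    // configurable limit replacing the DEPOSIT_LIMIT constant.
    uint256 public totalDeposited;
    uint256 public depositLimit;

    constructor(IERC20 _token, address _vault, uint256 _initialLimit) Ownable(msg.sender) {
        token = _token;
        vault = _vault;
        depositLimit = _initialLimit;
    }

    function setDepositLimit(uint256 newLimit) external onlyOwner {
        // A limit below what is already bridged would block every further deposit, so reject it.
        if (newLimit < totalDeposited) revert L1BossBridge__InvalidLimit();
        emit DepositLimitUpdated(depositLimit, newLimit);
        depositLimit = newLimit;
    }

    // Signature kept as on the page; only the limit accounting changes here.
    function depositTokensToL2(address from, address l2Recipient, uint256 amount) external whenNotPaused {
        // Only funds that went through this function count toward the limit.
        if (totalDeposited + amount > depositLimit) revert L1BossBridge__DepositLimitReached();
        totalDeposited += amount;
        token.safeTransferFrom(from, vault, amount);
        emit Deposit(from, l2Recipient, amount);
    }
}
```

Monitoring can compare totalDeposited against token.balanceOf(vault) off-chain; any positive difference is exactly the amount that arrived outside depositTokensToL2.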

Updates

Lead Judging Commences

0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

depositTokensToL2(): DoS deposits via DEPOSIT_LIMIT
