L1BossBridge::DEPOSIT_LIMIT will make any deposit revert if an attacker sends DEPOSIT_LIMIT + supplyL2 + 1 tokens directly to the vault contract.
An attacker can manually send DEPOSIT_LIMIT + 1 ERC20 tokens directly to the vault contract, creating a DoS on L1BossBridge::depositTokensToL2, because of this check:
Any deposit transaction from a user will revert. As long as there are no tokens on L2 ready to be sent to L1, token.balanceOf(address(vault)) will not change.
Alternatively, the attacker can send DEPOSIT_LIMIT + supplyL2 + 1 ERC20 tokens directly to the vault contract to make all deposits fail. The supplyL2 amount is added so that when users withdraw funds from L2 to L1, the vault balance decreases, but not enough to remove the DoS.
High. The denial of service breaks the protocol's main purpose of bridging funds from L1 to L2.
Manual Review
Consider keeping track of the actual deposits made by users when L1BossBridge::depositTokensToL2 is called, and use that tracked amount for the validation check instead of the balance of the vault.
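One way to implement the recommendation above, as an added sketch that is not the project's own code. Only DEPOSIT_LIMIT, depositTokensToL2, token and vault come from the report; the contract name, the simplified function signature, totalDeposited, the event, the helper and the limit value are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Added sketch, not the audited contract. The deposit cap is enforced against
// an internal counter, so tokens sent straight to the vault cannot affect it.
contract AccountedBridgeSketch {
    using SafeERC20 for IERC20;

    uint256 public constant DEPOSIT_LIMIT = 100_000 ether; // constructed value
    IERC20 public immutable token;
    address public immutable vault;

    // Net amount deposited through this contract (hypothetical state variable)
    uint256 public totalDeposited;

    error DepositLimitReached();
    event Deposited(address indexed from, address indexed l2Recipient, uint256 amount);

    constructor(IERC20 token_, address vault_) {
        token = token_;
        vault = vault_;
    }

    // Simplified signature (assumption): the caller deposits their own tokens
    function depositTokensToL2(address l2Recipient, uint256 amount) external {
        // The check described in the report uses token.balanceOf(address(vault)),
        // which anyone can inflate with a direct transfer. This one cannot be.
        if (totalDeposited + amount > DEPOSIT_LIMIT) revert DepositLimitReached();
        totalDeposited += amount;
        token.safeTransferFrom(msg.sender, vault, amount);
        emit Deposited(msg.sender, l2Recipient, amount);
    }

    // Called from the authenticated L2-to-L1 withdrawal path (not shown) so the
    // cap frees up again; clamped so a mismatch can never block withdrawals.
    function _accountWithdrawal(uint256 amount) internal {
        totalDeposited = amount > totalDeposited ? 0 : totalDeposited - amount;
    }
}
```

With this accounting, a direct transfer to the vault only raises the vault's token balance; totalDeposited, and therefore the limit check, is unchanged.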