First Flight #4: Boss Bridge
First Flight #4
Beginner FriendlyFoundryBridge
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Arbitrary-send-erc20 'depositTokensToL2 function uses an arbitrary from parameter in the transferFrom method instead of msg.sender'.

imth3ak

Summary

the function uses an arbitrary from parameter in the transferFrom method, which could be a security risk.

Vulnerability Details

source link:- https://github.com/Cyfrin/2023-11-Boss-Bridge/blob/dad104a9f481aace15a550cf3113e81ad6bdf061/src/L1BossBridge.sol#L74

token.safeTransferFrom(from, address(vault), amount);

Impact

The impact of the above issue is that the function depositTokensToL2 could be exploited by an attacker who can call it with any from address that has a positive token balance. This could allow the attacker to steal tokens from other users and deposit them to the vault, where they can be minted on L2. This could result in a loss of funds for the legitimate token holders and a breach of the security and integrity of the system. Therefore, it is important to use msg.sender as from in the transferFrom method, as this ensures that only the owner of the tokens can initiate the transfer.

Tools Used

  • slither

  • foundry

Recommendations

- token.safeTransferFrom(from, address(vault), amount);
+ // Use msg.sender as from
+ token.safeTransferFrom(msg.sender, address(vault), amount);
// Our off-chain service picks up this event and mints the corresponding tokens on L2
- emit Deposit(from, l2Recipient, amount);
+ emit Deposit(msg.sender, l2Recipient, amount);
Updates

Lead Judging Commences

0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

depositTokensToL2(): abitrary from address

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.