FoundryBridge (Beginner Friendly)
Submission Details
Severity: low
Valid

Offchain services can be manipulated.

Summary

The depositTokensToL2 function lets a user deposit tokens into the vault. The tokens are locked in the vault and a Deposit event is emitted. An off-chain service watches for this event and mints the corresponding tokens on L2.

Vulnerability Details

```solidity
function depositTokensToL2(address from, address l2Recipient, uint256 amount) external whenNotPaused {
    if (token.balanceOf(address(vault)) + amount > DEPOSIT_LIMIT) {
        revert L1BossBridge__DepositLimitReached();
    }
    token.safeTransferFrom(from, address(vault), amount);

    // Our off-chain service picks up this event and mints the corresponding tokens on L2
    emit Deposit(from, l2Recipient, amount);
}
```

Impact

The contract does not explicitly check that the from address has approved the bridge to spend amount tokens before calling safeTransferFrom. When the approval is missing, the transfer reverts inside the token contract, so the deposit fails with the token's own error rather than a bridge-specific one, and no Deposit event is emitted for the off-chain service to act on.

Tools Used

  • Foundry

Recommendations

The contract should emit events for important state changes such as pausing, unpausing, and setting signers, so that off-chain services and monitoring can track them. It should also check explicitly that the from address in depositTokensToL2 has approved the bridge for at least amount before calling safeTransferFrom, so that a missing approval reverts with a descriptive bridge error instead of the token's generic one.
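The following sketch is an added example and not code from the audited Boss Bridge repository or from this submission. It is a hypothetical bridge built on OpenZeppelin v5 that applies both recommendations: admin state changes emit events, and depositTokensToL2 checks the allowance up front and reverts with a bridge-specific error. The contract name, the SignerUpdated event, the InsufficientAllowance error, the DEPOSIT_LIMIT value and the plain-address vault are assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// OpenZeppelin v5 import paths (Pausable lives under utils/ in v5).
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";

/// Hypothetical bridge sketch (not the audited L1BossBridge). It shows the
/// recommended admin events and an explicit allowance check before the transfer.
contract BridgeWithEvents is Ownable, Pausable {
    using SafeERC20 for IERC20;

    uint256 public constant DEPOSIT_LIMIT = 100_000 ether; // assumed limit
    IERC20 public immutable token;
    address public immutable vault; // assumed: a plain holding address for the example

    mapping(address => bool) public signers;

    error L1BossBridge__DepositLimitReached();
    // Assumed error name: reports what was needed and what was actually approved.
    error BridgeWithEvents__InsufficientAllowance(address from, uint256 needed, uint256 allowed);

    event Deposit(address from, address to, uint256 amount);
    // Assumed event for signer changes; Pausable already defines Paused(address)
    // and Unpaused(address) and emits them from _pause() / _unpause().
    event SignerUpdated(address indexed account, bool enabled);

    constructor(IERC20 _token, address _vault) Ownable(msg.sender) {
        token = _token;
        vault = _vault;
    }

    // Emits Paused(msg.sender) via OpenZeppelin's _pause().
    function pause() external onlyOwner {
        _pause();
    }

    // Emits Unpaused(msg.sender) via OpenZeppelin's _unpause().
    function unpause() external onlyOwner {
        _unpause();
    }

    // Signer changes are now observable off-chain through SignerUpdated.
    function setSigner(address account, bool enabled) external onlyOwner {
        signers[account] = enabled;
        emit SignerUpdated(account, enabled);
    }

    function depositTokensToL2(address from, address l2Recipient, uint256 amount) external whenNotPaused {
        if (token.balanceOf(vault) + amount > DEPOSIT_LIMIT) {
            revert L1BossBridge__DepositLimitReached();
        }

        // Explicit pre-check: a missing or too-small approval now fails with a
        // bridge error that names the shortfall instead of the token's generic revert.
        uint256 allowed = token.allowance(from, address(this));
        if (allowed < amount) {
            revert BridgeWithEvents__InsufficientAllowance(from, amount, allowed);
        }

        token.safeTransferFrom(from, vault, amount);

        // The off-chain service mints the corresponding tokens on L2 from this event.
        emit Deposit(from, l2Recipient, amount);
    }
}
```

Two caveats worth keeping in mind. The allowance pre-check changes only the revert reason and the gas spent on a failed call; safeTransferFrom would already revert on an insufficient allowance, so the deposit cannot succeed without approval in either version. And the pause and unpause events come for free from OpenZeppelin's Pausable, so the only new event a project on that library needs to add is the one for signer changes. In a Foundry test the events can be asserted with vm.expectEmit before the call, for example expecting SignerUpdated(account, true) before bridge.setSigner(account, true).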

Updates

Lead Judging Commences

0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

missing events emission
