The depositTokensToL2 function uses "transferFrom" with an arbitrary "from" address, potentially granting unauthorized access. This allows an attacker to exploit a user's approval for the contract to spend their tokens: the attacker can call the function and specify the user's address as the "from" parameter in "transferFrom", enabling the attacker to transfer the user's tokens.
In the smart contract, an attacker can manipulate the "from" address in the depositTokensToL2 function, leading to unauthorized access and the potential transfer of another user's tokens, undermining the security and integrity of the contract's token handling.
The vulnerability exposes a critical risk of unauthorized token transfers, potentially leading to loss of user funds and a breach of trust in the affected smart contract.
Copy the test function below and paste it into L1BossBridgeTest.t.sol.
Now run forge test --match-test testManipulatedFromAddressCanDeposit -vvvv in the terminal.
You will get this result: Test result: ok. 1 passed; 0 failed; 0 skipped; finished in 16.16ms
Foundry and manual review
Use msg.sender as from in transferFrom.
Replace the depositTokensToL2 function with the code below:
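A minimal sketch of the vulnerable pattern beside the hardened form, added here as an illustration and not the audited project's own code. The contract names, the `token` and `vault` fields, the `l2Recipient` parameter and the `Deposit` event are assumptions; only depositTokensToL2, transferFrom, from and msg.sender come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed for the illustration.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Shared state for both variants (field names are assumed).
abstract contract BridgeBase {
    IERC20 public immutable token;
    address public immutable vault;

    event Deposit(address from, address to, uint256 amount);

    constructor(IERC20 _token, address _vault) {
        token = _token;
        vault = _vault;
    }
}

// Vulnerable pattern: the caller chooses whose tokens are pulled.
contract BridgeVulnerable is BridgeBase {
    constructor(IERC20 t, address v) BridgeBase(t, v) {}

    function depositTokensToL2(address from, address l2Recipient, uint256 amount) external {
        // `from` is never checked against msg.sender, so the allowance any
        // user granted to this contract can be spent by any caller.
        require(token.transferFrom(from, vault, amount), "transfer failed");
        emit Deposit(from, l2Recipient, amount);
    }
}

// Hardened pattern: the `from` parameter is removed and the depositor is
// always the caller, so an allowance can only be spent by its owner.
contract BridgeFixed is BridgeBase {
    constructor(IERC20 t, address v) BridgeBase(t, v) {}

    function depositTokensToL2(address l2Recipient, uint256 amount) external {
        require(token.transferFrom(msg.sender, vault, amount), "transfer failed");
        emit Deposit(msg.sender, l2Recipient, amount);
    }
}
```

Removing the parameter changes the function signature, so existing callers and tests that pass a `from` address need updating along with it.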