sendToL1
can be call by anyone to force withdraw ETH to depositor
Anyone can listen event emitted from blockchain about depositor deposit to L2
v,r,s also public to anyone so they just need encode those params to bytes32 message similar to the signer do when they receive Deposit event:
After that, attacker can pass uint8 v, bytes32 r, bytes32 s, bytes memory message
to the function sendToL1
to force withdraw to address of depositor
event though the depositor not intent to do that
This Vulnerability make depositor being call withdraw to their wallet even though they don't intent to do that
manual review
Must check the caller of sendToL1
is the one that trigger depositor by decode message in to target, value, data
Decode data
to IERC20.transferFrom, (address(vault), to, amount)
than check if to
equal to msg.sender
to prevent the caller of sendToL1
is not the one who deposit but is trying to force call withdraw to depositor address even though the depositor not want to do that.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.