Submission Details
Severity: high
Valid

withdrawTokensToL1 Allows Unauthorized Token Transfers through Stolen (v, r, s) Value Pairs

Summary

The vulnerability allows a user to potentially take over the (v, r, s) value pair of another user, leading to unauthorized execution of the withdrawTokensToL1 function and consequent token theft.

Vulnerability Details

Exploiting this vulnerability involves stealing the (v, r, s) value pair from another user and triggering the withdrawTokensToL1 function. The current implementation only validates the signer mapping value, allowing successful execution of transferFrom and resulting in token loss.

Impact

The compromised (v, r, s) value pair poses a risk of fund loss, enabling arbitrary users to initiate unauthorized withdrawTokensToL1 transactions.

Tools Used

Manual Review

Recommendations

To address this issue, consider implementing user address validation to ensure that the user initiating the withdrawTokensToL1 transaction is the rightful owner of the tokens. This additional step will enhance security and prevent unauthorized token transfers.
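One way to apply this recommendation, shown as an added example rather than the audited project's code: the withdrawal is limited to the caller's own recorded deposit, and the signed digest is bound to the caller, amount, a per-user nonce, the chain and the contract, so a copied (v, r, s) triple fails verification for any other caller or on a second use. The contract name `GuardedBridge`, the `deposited` and `nonces` mappings, the simplified `deposit` function and the digest layout are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; not the audited bridge's code. Every name except
// withdrawTokensToL1 and (v, r, s) is hypothetical.
interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract GuardedBridge {
    IERC20Like public immutable token;
    mapping(address => bool) public signers;      // authorised bridge operators
    mapping(address => uint256) public deposited; // per-user withdrawable balance
    mapping(address => uint256) public nonces;    // per-user withdrawal counter

    constructor(IERC20Like _token, address signer) {
        token = _token;
        signers[signer] = true;
    }

    function deposit(uint256 amount) external {
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        deposited[msg.sender] += amount;
    }

    function withdrawTokensToL1(uint256 amount, uint8 v, bytes32 r, bytes32 s) external {
        // 1. The caller can only withdraw what the caller deposited.
        require(deposited[msg.sender] >= amount, "exceeds deposit");
        // 2. The digest ties the signature to this caller, amount, nonce,
        //    chain and contract, so (v, r, s) is useless to anyone else.
        bytes32 inner = keccak256(
            abi.encode(block.chainid, address(this), msg.sender, amount, nonces[msg.sender])
        );
        bytes32 digest = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", inner));
        address recovered = ecrecover(digest, v, r, s);
        require(recovered != address(0) && signers[recovered], "bad signature");
        // 3. Effects before interaction: consume the nonce and the balance first.
        nonces[msg.sender] += 1;
        deposited[msg.sender] -= amount;
        require(token.transfer(msg.sender, amount), "transfer failed");
    }
}
```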

Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

withdrawTokensToL1(): No check for deposits amount
