withdrawTokensToL1
non reentrant vulnerabilityThe L1BossBridge::withdrawTokensToL1
function does not implement the re-entrancy guard.
The L1BossBridge
contract inherits OZ's ReentrancyGuard
but it is not implemented to sensitive functions with the nonReentrant
modifier, especially in the case of the withdrawing function.
A low-moraled user could make a re entrancy attack on this function and drain all of the tokens
from the vault
.
High impact: because funds are directly at stake.
High likelyhood: because since reentrancy attacks are the main causes of contracts funds drainings, it has to be considered highly plausible.
Forge
Code rewiewing
Slither
And this is me at my first attempt to submit a PoC, following your adive on previous first flights, even though my week has been busy and I'm totally aware that this code isn't working, yet this is where it was at right before submission deadline (I'm trying to improve :)
Add the following modifier in L1BossBridge::withdrawTokensToL1
function.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.