First Flight #4: Boss Bridge
First Flight #4
Beginner FriendlyFoundryBridge
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

`L1BossBridge:withdrawTokensToL1`not pausable presents a risk of funds unrightful drain

Oozman

PoC for withdrawTokensToL1 not pausable vulnerability

Summary

The L1BossBridge::withdrawTokensToL1 function does not implement the pausable modifier.

Vulnerability Details

The L1BossBridge contract inherits OZ's Pausable utility but it is not implemented to the withdrawing function.
In "the event of an emergency", the owner can pause the protocol.
Though the known issue of a possible untrustful signer can arise. In this case, which would be an emergency, the owner would pause the bridge in order to secure the funds.
The withdraw function would not be paused though, leaving the tokens are risk of drain by the hack.

Impact

High impact: because funds are directly at stake.
Medium likelyhood: because the signers have to be set by the owner, suggesting that the probability of them being malicious is low. Still, we set it to medium because there is not hardcoded mechanism to prevent that risk.

Tools Used

Forge
Code rewiewing
Slither

Recommendations

Add the following modifier in L1BossBridge::withdrawTokensToL1 function.

function withdrawTokensToL1(
address to,
uint256 amount,
uint8 v,
bytes32 r,
bytes32 s
- ) external {
+ ) external pausable {
sendToL1(
v,
r,
s,
abi.encode(
address(token),
0, // value
abi.encodeCall(
IERC20.transferFrom,
(address(vault), to, amount)
)
)
);
}
Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Other

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.