Submission Details
Severity:
L1BossBridge.sol - withdrawTokensToL1 - Missing `whenNotPaused` modifier for withdrawTokensL1 nethods in L1BossBridge
Summary
To ensure user safety, this first version of the bridge has a few security mechanisms in place:
The owner of the bridge can pause operations in emergency situations.
Base on the documentation critical function should be protected by whenNotPaused
Vulnerability Details
Missing modifier
function withdrawTokensToL1(address to, uint256 amount, uint8 v, bytes32 r, bytes32 s)
external
// -> Missing whenNotPaused modifier
{
sendToL1(
v,
r,
s,
abi.encode(
address(token),
0, // value
abi.encodeCall(IERC20.transferFrom, (address(vault), to, amount))
)
);
}
Impact
When the contract is paused withdrawTokensToL1 won't revert right away, costing more gas to the user.
Tools Used
Manual
Recommendations
Add modifier to withdrawTokensToL1
-function withdrawTokensToL1(address to, uint256 amount, uint8 v, bytes32 r, bytes32 s) external {
+function withdrawTokensToL1(address to, uint256 amount, uint8 v, bytes32 r, bytes32 s) external whenNotPaused {
sendToL1(
v,
r,
s,
abi.encode(
address(token),
0, // value
abi.encodeCall(IERC20.transferFrom, (address(vault), to, amount)) // @note use safe call instead
)
);
}
Rewards breakdown
nSLOC
99This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.