Submission Details
Severity:
DEPOSIT_LIMIT should be connected with the ERC20 token decimals
[H-4] DEPOSIT_LIMIT should be connected with the ERC20 token decimals
Description:
Currently the DEPOSIT_LIMIT property is assigned 100_000 ether which is 100_000 * 1e18, but this variable represents the limit of ERC20 tokens not ethers. If ERC20 token has 30 decimals those 100_000 * 1e18 will be not enough to deposit just a fraction of the total supply.
Impact:
Low, denial of service attack, due to reaching the limit very fast.
Tools used:
foundry
Proof of Concept:
function testWithModifiedContract() public {
vm.startPrank(deployer);
// Deploy token and transfer the user some initial balance
L1TokenModified token_modified = new L1TokenModified();
uint256 amount = 10e30;
token_modified.transfer(address(user), amount);
// Deploy bridge
tokenBridge = new L1BossBridge(IERC20(token_modified));
vault = tokenBridge.vault();
// Add a new allowed signer to the bridge
tokenBridge.setSigner(operator.addr, true);
vm.stopPrank();
vm.startPrank(user);
deal(address(token_modified), user, amount);
token_modified.approve(address(tokenBridge), amount);
vm.expectRevert(L1BossBridge.L1BossBridge__DepositLimitReached.selector);
tokenBridge.depositTokensToL2(user, userInL2, amount);
vm.stopPrank();
}
Recommended Mitigation:
Instead of setting the DEPOSIT_LIMIT to 100_000 e18 use the token decimals to determine the limit.
Updates
Lead Judging Commences
0xnevi over 1 year ago
Submission Judgement Published Assigned finding tags:
depositTokensToL2(): DoS deposits via DEPOSIT_LIMIT
Rewards breakdown
nSLOC
99This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.