Summary

The provided code showcases a function responsible for withdrawing tokens from Layer 2 to Layer 1. The function requires a signature to prevent replay attacks. However, the code lacks the incorporation of the chain ID in the signature. This vulnerability might expose the system to potential replay attacks due to the absence of chain identification.

Vulnerability Details

The vulnerability lies in the absence of the chain ID parameter in the signature process. As per EIP-155, including the chain ID in the signed data is crucial to prevent replay attacks across different chains. The code does not implement this critical security measure, leaving the system susceptible to potential attacks.

Impact

This vulnerability presents a high-risk scenario. The absence of the chain ID in the signature could lead to replay attacks, compromising the integrity and security of the system. It allows malicious actors to potentially replay transactions across different chains, causing undesired or unintended execution of transactions on various networks.

Tools Used

Manual inspection

Recommendations

Incorporate Chain ID as a validation param