Summary

The sendToL1 function, responsible for handling the sending of transactions from Layer 2 to Layer 1, lacks the inclusion of the chain ID in the signature verification process. This omission could expose the system to potential replay attacks, enabling malicious actors to replay transactions from Layer 1 to Layer 2 or vice versa.

Vulnerability Details

The vulnerability lies in the absence of the chain ID parameter in the signature verification process. As per EIP-155, including the chain ID in the verification is critical to prevent replay attacks across different chains. The code lacks this essential security measure, potentially enabling malicious actors to replay transactions across layers, causing unintended execution of transactions on different networks.

Impact

The absence of the chain ID in the signature verification process creates a high-risk scenario for potential replay attacks. This could compromise the security and integrity of the system, allowing unauthorized execution of transactions across different layers.

Tools Used

Manual inspection

Recommendations

incorporate chainID as a parameter