First Flight #4: Boss Bridge
First Flight #4
Beginner FriendlyFoundryBridge
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

Possibility of reentrancy attack if amounts are not updated

0x0noob

Summary

The depositTokensToL2 function in the L1BossBridge contract does not take into account any effect, which opens room for a reentrancy attack.

Vulnerability Details

function depositTokensToL2(address from, address l2Recipient, uint256 amount) external whenNotPaused {
if (token.balanceOf(address(vault)) + amount > DEPOSIT_LIMIT) {
revert L1BossBridge__DepositLimitReached();
}
token.safeTransferFrom(from, address(vault), amount);
// Our off-chain service picks up this event and mints the corresponding tokens on L2
emit Deposit(from, l2Recipient, amount);
}

It's very important that contracts that interact with external contracts follow strictly the CEI principle. The depositTokensToL2 function as shown above fails to update the amount in the vault as well as the user(from) balance, which opens a door for an attacker to exploit the protocol.

POC

Since the protocol contract does not actively track the increase in balance when assets are bridged out, and also does not follow the CEI which helps reduce the risk of reentrancy. An attacker can attack the contract by creating a contract whose falback would track for the bossBridge contract and call and also call the withdrawTokensToL1 function.

Impact

Loss of funds.

Tools Used

Manual Review

Recommendations

Implement CEI and ensure that the balances are updates before the safetransfer/bridge.

Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Too generic

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.