The smart contract's depositTokensToL2 function contains a potential race condition that could lead to surpassing the deposit limit due to concurrent transactions.
```solidity
function depositTokensToL2(
    address from,
    address l2Recipient,
    uint256 amount
) external whenNotPaused {
    if (token.balanceOf(address(vault)) + amount > DEPOSIT_LIMIT) {
        revert L1BossBridge__DepositLimitReached();
    }
    token.safeTransferFrom(from, address(vault), amount);
    // Our off-chain service picks up this event and mints the corresponding tokens on L2
    emit Deposit(from, l2Recipient, amount);
}
```
The function checks the deposit limit against the vault's current balance before executing the token transfer (a check-then-act pattern). Several deposits submitted at nearly the same time could each pass the limit check individually, yet collectively push the vault balance above DEPOSIT_LIMIT once all of their transfers complete.
If that happens, the vault holds more than the configured limit, which could lead to unexpected behavior or potential vulnerabilities in the token bridge between L1 and L2.
Tools used: manual inspection.
Recommendation: consider guarding depositTokensToL2 with a mutex (lock) so that the limit check and the transfer run as one indivisible step.
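One way to implement the suggested mutex, as an added example that is not Boss Bridge code: a simple lock modifier around the deposit, plus a re-check of the vault balance after the transfer so the limit can never be exceeded on any path through the function. The contract skeleton, the L1BossBridge__Locked error and the DEPOSIT_LIMIT value are assumptions for the example; the whenNotPaused modifier from the original is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Added example (not the project's code): deposit guarded by a mutex.
contract L1BossBridgeLocked {
    using SafeERC20 for IERC20;

    error L1BossBridge__DepositLimitReached();
    error L1BossBridge__Locked(); // assumed: raised when the lock is held

    event Deposit(address from, address to, uint256 amount);

    uint256 public constant DEPOSIT_LIMIT = 100_000 ether; // placeholder value
    IERC20 public immutable token;
    address public immutable vault;
    bool private locked; // the mutex

    constructor(IERC20 _token, address _vault) {
        token = _token;
        vault = _vault;
    }

    // Any call that enters while a deposit is in progress is rejected,
    // so the balance check and the transfer cannot be interleaved.
    modifier noReentry() {
        if (locked) revert L1BossBridge__Locked();
        locked = true;
        _;
        locked = false;
    }

    function depositTokensToL2(address from, address l2Recipient, uint256 amount)
        external
        noReentry
    {
        // Pre-transfer check, as in the original function.
        if (token.balanceOf(vault) + amount > DEPOSIT_LIMIT) {
            revert L1BossBridge__DepositLimitReached();
        }
        token.safeTransferFrom(from, vault, amount);
        // Post-transfer check: enforce the invariant on the actual balance.
        if (token.balanceOf(vault) > DEPOSIT_LIMIT) {
            revert L1BossBridge__DepositLimitReached();
        }
        emit Deposit(from, l2Recipient, amount);
    }
}
```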