Summary

In the event of a bridging failure, there is no mechanism in place for users to reclaim their Kitties, leading to a permanent loss of assets.

Vulnerability Details

KittyConnect leverages a bridging approach that immediately burns the user's token upon initiation of the bridging process. While this design assumes successful completion of the cross-chain transfer, it does not account for potential failures in the bridging operation. Currently, there is no on-chain mechanism to revert the burn or allow users to reclaim their tokens if the operation fails, effectively resulting in a total loss of the token without recourse for recovery.

Impact

Failed bridging operations would cause permanent loss of users' assets.

Tools Used

Manual inspection

Recommendations

Mitigation of this issue would require a thorough architecture redesign. Here are a few recommendations:

• Implement a two-phase burning mechanism, where the token is not burned prematurely and is instead locked in the KittyBridge until the bridging operation is confirmed

• Confirm successfully executed bridging operation using an off-chain component such as Chainlink Keepers or a custom relayer, which would inform the KittyBridge about the status of the bridging operation:

  • If the bridging successfully went through, finally burn the locked Kitty

  • If the bridging failed, allow users to reclaim their Kitties