Potential Loss of Fertilizer ERC1155 NFTs During L1 to L2 Migration.
Summary
a potential vulnerability in the L1 to L2 migration process for contracts holding fertilizer ERC1155 NFTs.
The vulnerability arises from the possibility of NFT loss if the contract address on L1 is not owned by the same user on L2.
Vulnerability Details
During the migration process from L1 to L2, there is a critical step where the ownership of the contract addresses
must be maintained. If the contract address on L1, which holds the fertilizer ERC1155 NFTs, is not controlled by the same user on L2,
the NFTs could be lost. This is due to the mismatch in contract addresses, leading to a scenario where the migrated assets
are sent to an incorrect or non-existent address on L2.
If f.accountData[j].account is a contract address on L1 and the same address is not contract on L2 fertilizerId will be minted to wrong address.
Impact
If the L1 contract address not owned by user on L2, the minted fertilizer NFTs will be deposited into wrong address on L2
which user cannot access. This essentially results in lost ERC1155 NFTs for the intended recipient.
Tools Used
Recommendations
address on L2 must be owned by same account address on L1, if account is EAO same user will receive NFT but if it is contract a check michanism must be added devlopers knows better hwo this will be update.
Lead Judging Commences
Potential Loss of Fertilizer ERC1155 NFTs During L1 to L2 Migration - Account abstraction, multisig other contracts
Appeal created
Potential Loss of Fertilizer ERC1155 NFTs During L1 to L2 Migration - Account abstraction, multisig other contracts
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.