Submission Details
Severity:
Internal balances are never actually migrated within `L2ContractMigrationFacet`
Summary
L2ContractMigrationFacet never migrates internal balances.
Vulnerability Details
L2ContractMigrationFacet#redeemDepositsAndInternalBalances should ideally migrate both user's deposits and internal balances. The user inputs both of them and they're used in the merkle leaf
function redeemDepositsAndInternalBalances(
address owner,
address reciever,
AccountDepositData[] calldata deposits,
AccountInternalBalance[] calldata internalBalances,
uint256 ownerRoots,
bytes32[] calldata proof,
uint256 deadline,
bytes calldata signature
) external payable fundsSafu noSupplyChange nonReentrant {
// verify deposits are valid.
// note: if the number of contracts that own deposits is small,
// deposits can be stored in bytecode rather than relying on a merkle tree.
verifyDepositsAndInternalBalances(owner, deposits, internalBalances, ownerRoots, proof);
// signature verification.
verifySignature(owner, reciever, deadline, signature);
// set deposits for `reciever`.
uint256 accountStalk;
for (uint256 i; i < deposits.length; i++) {
accountStalk += addMigratedDepositsToAccount(reciever, deposits[i]);
}
// set stalk for account.
setStalk(reciever, accountStalk, ownerRoots);
}
However, the internal balances are actually never credited.
Impact
Loss of internal balances
Tools Used
Manual review
Recommendations
Migrate the internal balances
Updates
Appeal created
deadrosesxyz
about 1 year ago
giovannidisiena
about 1 year ago
giovannidisiena
about 1 year ago
inallhonesty about 1 year ago
Submission Judgement Published Assigned finding tags:
Internal balances not migrated
Prize pool breakdown
Total prize
250,000 USDC
nSLOC
12,28520 USDC / LOC
220,000 USDC
10,000 USDC
20,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.