BeanL1RecieverFacet on base network always revert and make user lose fund when they make migration
Line of code
Summary
BeanL1RecieverFacet will always revert on base when users attempt to migrate to base, causing users to lose funds on gas.
Vulnerability Details
BeanL1RecieverFacet is responsible for receiving the crosschain message, the proble occurs with an erroneous constant variable of EXTERNAL_L1_BEANS.
from the snippet above we can see that the varibale EXTERNAL_L1_BEANS is a constant which is set to 0. This is problematic because in the require checker we ensure that EXTERNAL_L1_BEANS is greater than or equal to s.sys.migration.migratedL1Beans.
This means tha the maximum amount of beans we can receive currently is 0, therefore when a user attempts to bridge a non zero value of beans, his transaction will always revert because it fails to meet the require.
Impact
the impact is severe because user is burning their token in l1 and then in l2 they expect to receive the minted token, but that minted token cannot be on l2 then user fund are lost.
Tools Used
manual review
Recommendations
Set EXTERNAL_L1_BEANS to a non zero and correct value to allow the bridging of beans from L1 to L2.
Lead Judging Commences
`EXTERNAL_L1_BEANS` defined with `0` will fail require(EXTERNAL_L1_BEANS >= s.sys.migration.migratedL1Beans, "L2Migration: exceeds maximum migrated");
Appeal created
`EXTERNAL_L1_BEANS` defined with `0` will fail require(EXTERNAL_L1_BEANS >= s.sys.migration.migratedL1Beans, "L2Migration: exceeds maximum migrated");
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.