The EXTERNAL_L1_BEANS constant in the BeanL1RecieverFacet contract is set to 0, which effectively prevents any Beans from being migrated from L1 to L2. This renders the entire L1 to L2 migration functionality inoperable.
In the BeanL1RecieverFacet contract, the EXTERNAL_L1_BEANS constant is defined as:
This constant is used in the recieveL1Beans function to limit the total amount of Beans that can be migrated:
With EXTERNAL_L1_BEANS set to 0, this check will always fail after the first migration (which would only succeed if the amount is 0), preventing any meaningful migration of Beans from L1 to L2.
The impact of this vulnerability is severe. It completely breaks the L1 to L2 Bean migration functionality, which is a core feature of the contract. Users will be unable to migrate their Beans from L1 to L2, potentially leading to significant inconvenience and loss of trust in the protocol.
Manual code review
Set the EXTERNAL_L1_BEANS constant to the actual maximum number of Beans that should be allowed to migrate from L1 to L2. This value should be carefully calculated based on the total supply of Beans on L1 or other relevant factors. Alternatively, if more flexibility is needed, consider making this value a storage variable that can be updated by the contract owner or through a governance process, rather than a constant.
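A sketch of the storage-variable alternative recommended above, added here as an example and not taken from the Beanstalk code base. The contract name, the owner and bridge roles, the helper names and the running-total form of the cap check are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration with hypothetical names; not the Beanstalk source.
contract L1BeanCapSketch {
    uint256 internal constant ZERO_CAP = 0; // the setting the finding reports

    address public immutable owner;    // assumed: owner or governance account
    address public immutable bridge;   // assumed: only caller allowed to deliver Beans
    uint256 public externalL1BeansCap; // storage cap, per the recommendation
    uint256 public migratedL1Beans;    // running total already migrated

    event CapUpdated(uint256 oldCap, uint256 newCap);
    event BeansReceived(address indexed receiver, uint256 amount);
    error Unauthorized();
    error CapExceeded(uint256 requested, uint256 remaining);
    error CapBelowMigrated(uint256 newCap, uint256 migrated);

    constructor(address bridge_, uint256 initialCap) {
        owner = msg.sender;
        bridge = bridge_;
        externalL1BeansCap = initialCap;
    }

    // Assumed shape of a cap check against a zero constant:
    // it holds only when nothing was migrated and amount is 0.
    function passesZeroCap(uint256 migrated, uint256 amount) public pure returns (bool) {
        return migrated <= ZERO_CAP && amount <= ZERO_CAP - migrated;
    }

    // Owner may move the cap, but never below what has already been migrated.
    function setExternalL1BeansCap(uint256 newCap) external {
        if (msg.sender != owner) revert Unauthorized();
        if (newCap < migratedL1Beans) revert CapBelowMigrated(newCap, migratedL1Beans);
        emit CapUpdated(externalL1BeansCap, newCap);
        externalL1BeansCap = newCap;
    }

    // Cap-checked accounting only; minting to `receiver` is out of scope here.
    function receiveBeans(address receiver, uint256 amount) external {
        if (msg.sender != bridge) revert Unauthorized();
        uint256 remaining = externalL1BeansCap - migratedL1Beans; // invariant: cap >= migrated
        if (amount > remaining) revert CapExceeded(amount, remaining);
        migratedL1Beans += amount;
        emit BeansReceived(receiver, amount);
    }
}
```

A deployment test that asserts the cap is non-zero and that a non-zero migration succeeds would catch this class of misconfiguration before release.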