No way for user to get refund
Summary
Normally, when a transfer fails in other bridges, there is an option to specify an address for gas refunds. The current bridge doesn't have any option for refund.
If you check the starknet docs it says:
Sending an L2 to L1 message always incurs a fixed cost of 20,000 gas, because the hash of the message being sent must be written to L1 storage in the Starknet Core Contract.
Now during bridging if user gas is more than the fixed cost of 20k gas, the user will lose that and there is no way to get the refund
Impact
There is no way of user getting refund, so he loses the fund if message fails.
Recommendations
Introduce a refund address and functionality so that if the message request fails the user should get refund.
Lead Judging Commences
Informational / Gas
Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
Appeal created
Informational / Gas
Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.