NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Missing check for the length of `token_ids`

Summary

The escrow_deposit_tokens() function lacks a check for the length of token_ids.

Vulnerability Details

In the _depositIntoEscrow() function, the protocol first checks that ids.length is greater than 0.

```solidity
function _depositIntoEscrow(
    CollectionType collectionType,
    address collection,
    uint256[] memory ids
)
    internal
{
    assert(ids.length > 0);
```

However, in the escrow_deposit_tokens() function in the bridge.cairo contract, there is no check for the length of token_ids.

```cairo
fn escrow_deposit_tokens(
    ref self: ContractState,
    contract_address: ContractAddress,
    from: ContractAddress,
    token_ids: Span<u256>,
) {
    let to = starknet::get_contract_address();
    let erc721 = IERC721Dispatcher { contract_address };
    let mut i = 0_usize;
    loop {
        if i == token_ids.len() {
            break ();
        }
```

Impact

Tools Used

Recommendations

The recommended fix is to add a check for the length of token_ids.
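
The recommended check, as an added example that is not the project's code: a free-function variant of the Starknet-side deposit with a guard matching the `assert(ids.length > 0)` on the Solidity side. The `IERC721` trait, the `transfer_from` call in the loop body, the function name `escrow_deposit_tokens_checked` and the error string are assumptions, because the excerpt above stops before the loop body.

```cairo
use starknet::ContractAddress;

// Hypothetical minimal ERC-721 interface for this example; the project's own
// IERC721 trait is not shown on the page.
#[starknet::interface]
trait IERC721<TState> {
    fn transfer_from(
        ref self: TState, from: ContractAddress, to: ContractAddress, token_id: u256,
    );
}

// Free-function variant of escrow_deposit_tokens() with the length guard added.
// Any contract-state bookkeeping the real function performs is omitted here.
fn escrow_deposit_tokens_checked(
    contract_address: ContractAddress, from: ContractAddress, token_ids: Span<u256>,
) {
    // Same precondition as `assert(ids.length > 0)` in _depositIntoEscrow().
    // The short-string error message is an assumption.
    assert(token_ids.len() > 0, 'No token ids');

    let to = starknet::get_contract_address();
    let erc721 = IERC721Dispatcher { contract_address };
    let mut i = 0_usize;
    loop {
        if i == token_ids.len() {
            break ();
        }
        // Assumed loop body: move each token into the bridge's custody.
        let token_id = *token_ids[i];
        erc721.transfer_from(from, to, token_id);
        i += 1;
    };
}
```

Without the guard, an empty `token_ids` makes the loop in the excerpt break on its first iteration, so no transfer is attempted.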

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
Assigned finding tags:

invalid-empty-tokenIds-starknet-side

No real impact. The attacker will have to pay for the deployment of the new contract even with 0 tokens, and won’t have any interest in doing that since he won’t take control of the contract.
