NFTBridge
60,000 USDC
Submission Details
Severity: high
Invalid

Unverified Message Hash on StarknetMessagingLocal.sol::addMessageHashesFromL2()

Summary

The addMessageHashesFromL2 function in the StarknetMessagingLocal contract allows any external address to add message hashes without any form of verification. This lack of validation means that malicious or arbitrary hashes can be registered, compromising the contract’s integrity and security.

Vulnerability Details

The addMessageHashesFromL2 function in the StarknetMessagingLocal contract allows any external address to directly register message hashes as consumable, without performing any verification or validation on the provided hashes. This function is defined as follows:

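    function addMessageHashesFromL2(
        uint256[] calldata msgHashes
    )
        external
        payable
    {
        // No caller restriction and no validation of the supplied hashes.
        for (uint256 i = 0; i < msgHashes.length; i++) {
            bytes32 hash = bytes32(msgHashes[i]);
            // Each hash is counted as one more consumable L2 -> L1 message.
            l2ToL1Messages()[hash] += 1;
        }
        emit MessageHashesAddedFromL2(msgHashes);
    }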

Impact

Unauthorized Operations: An attacker could exploit this vulnerability by adding arbitrary message hashes. If the contract logic later processes or relies on these hashes, it could lead to unauthorized actions, including but not limited to incorrect message processing or exploitation of contract functionalities.

Disruption of Normal Operations: The introduction of unverified message hashes could interfere with the normal operation of the contract, potentially causing service disruptions or inconsistent behavior.

Contract Integrity Risk: The contract’s ability to correctly manage and validate message hashes is undermined, increasing the risk of operational failures and security breaches.

Tools Used

Manual Review

Recommendations

Implement Message Hash Verification:

  • Introduce verification mechanisms to ensure that message hashes are legitimate and correspond to actual messages before registering them. This could involve:

    • Verifying that hashes correspond to messages that have been validated or approved by a trusted source.

    • Integrating checks or cryptographic proofs to validate the authenticity of the message hashes.

Implement access control mechanisms to restrict who can call the addMessageHashesFromL2 function. Only authorized entities should be able to register message hashes.
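One way to apply the access-control recommendation above, shown as an added example that is not code from the submission or from the project. It is a stand-alone sketch: the contract name, `authorizedRelayer`, the `NotAuthorized` error, the `_l2ToL1Messages` mapping (standing in for `l2ToL1Messages()`), the event parameter name and `consumableCount` are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added example: hypothetical stand-alone contract, not the project's
// StarknetMessagingLocal. Storage layout and names are assumptions.
contract RestrictedMessagingLocal {
    // Hypothetical: the single address allowed to register hashes.
    address public immutable authorizedRelayer;

    // Stand-in for the l2ToL1Messages() storage used by the original function.
    mapping(bytes32 => uint256) private _l2ToL1Messages;

    event MessageHashesAddedFromL2(uint256[] hashes);
    error NotAuthorized(address caller);

    constructor(address relayer) {
        require(relayer != address(0), "relayer is zero address");
        authorizedRelayer = relayer;
    }

    // Reject every caller except the relayer fixed at deployment.
    modifier onlyRelayer() {
        if (msg.sender != authorizedRelayer) revert NotAuthorized(msg.sender);
        _;
    }

    // Same signature and body as the function quoted in the finding,
    // with the caller check added in front of the loop.
    function addMessageHashesFromL2(uint256[] calldata msgHashes)
        external
        payable
        onlyRelayer
    {
        for (uint256 i = 0; i < msgHashes.length; i++) {
            _l2ToL1Messages[bytes32(msgHashes[i])] += 1;
        }
        emit MessageHashesAddedFromL2(msgHashes);
    }

    // Read-only helper so a test can confirm what was registered.
    function consumableCount(bytes32 hash) external view returns (uint256) {
        return _l2ToL1Messages[hash];
    }
}
```

This covers only the caller restriction; it does not verify that a registered hash corresponds to a real L2 message, which is the separate verification recommendation.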


Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Out of scope
