Collection Whitelist Does Not Safeguard Against Unbridging Whitelisted Tokens
Summary
The Bridge contract uses a whitelist to prevent bridging tokens, however this whitelist is not enforced whilst unbridging.
Vulnerability Details
The Bridge contract enables onlyOwner to whitelist specific token collections from being processed by the bridge.
However, this is only enforced on depositTokens and does not take effect on calls to withdrawTokens.
Consequently, malicious token collections that were bridged prior to the collection being blacklisted may continue to be transacted.
Impact
The bridge remains vulnerable to interacting with explicitly disabled (i.e. malicious) token collections.
Tools Used
Manual Review
Recommendations
Bridge.sol
When attempting to withdraw a token from escrow via the untrusted withdrawTokens function, validate the collectionL1 has been whitelisted.
We advise against enforcing these rules in the admin-controlled functions, since it can be left to the discretion of the admin to determine whether blacklisted token withdrawals via startRequestCancellation be permitted.
However, it may be advisable for the admin to explicitly acknowledge the potential interaction with a blacklisted token during cancellation using a force override.
Lead Judging Commences
Informational / Gas
Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.