_isWhiteListed might return wrong status
Summary
The Bridge::_isWhiteListed function might return wrong status due to wrong return statement.
Vulnerability Details
The statement !_whiteListEnabled || _whiteList[collection] inside Bridge::_isWhiteListed is incorrect because if _whiteListEnabled = false
then it will always return true even if the collection is NOT whitelisted:
As a result one of the whitelist checks at the beginning of the function Bridge::depositTokens is bypassed and Bridge::isWhiteListed may return incorrect result.
Impact
Impact: High
Likelihood: High
Proof of Concept
An user whose collection is NOT whitelisted calls Bridge::depositTokens while _whiteListEnabled = false. Thus, bypassing the check in Bridge::depositTokens:
Consequently, the user would be able to deposit tokens without being whitelisted.
Tools Used
Manual Review
Recommendations
Option 1
Remove !_whiteListEnabled from the statement:
Option 2
An alternative is to keep the !_whiteListEnabled and change the OR(||) to AND(&&), and change '!_whiteListEnabled' to _whiteListEnabled:
Either options are fine, depends on how the sponsors want the protocol to work.
Option 1 - return whether the collection is whitelisted at all.
Option 2 - return whether the whitelisting is enabled and also whether the collection exists too.
In my opinion, it should be as in option 1.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.