NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

CancelRequest is external and is missing access control so anyone can cancel requests

Summary

https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/Bridge.sol#L246

The function Bridge::cancelRequest is external and has no access control.

Vulnerability Details

In Bridge::cancelRequest the function is external and anyone can call it and cancel the request.

Impact

Impact: High

Likelihood: High

Proof of Concept

The attacker only needs to call Bridge::cancelRequest in order to cancel a request.

Tools Used

Manual Review

Recommendations

Move the protocol deserialization logic to the top and use its result to check for the owner:

function cancelRequest(
uint256[] memory payload,
uint256 nonce
) external {
+ Request memory req = Protocol.requestDeserialize(payload, 0);
++ require(req.ownerL1 == msg.sender, "Unauthorized");
IStarknetMessaging(_starknetCoreAddress).cancelL1ToL2Message(
snaddress.unwrap(_starklaneL2Address),
felt252.unwrap(_starklaneL2Selector),
payload,
nonce
);
- Request memory req = Protocol.requestDeserialize(payload, 0);
_cancelRequest(req);
emit CancelRequestCompleted(req.hash, block.timestamp);
}
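Review bot: on the added require(req.ownerL1 == msg.sender, "Unauthorized") line, req is deserialized from the caller-supplied payload, so by itself the comparison only shows that the caller put their own address in the payload; it is meaningful only if the cancelL1ToL2Message call that follows rejects a payload that does not match a message that was actually sent. State that dependency in a comment next to the require, and add a test in which a non-owner submits an otherwise valid payload and the call reverts. The same line also carries a doubled marker (++), which would leave a stray + in the source if the patch were applied as written; it should be a single +.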
Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
