ArkProject: NFT Bridge

Summary

Anyone can perform initialization, causing the owner's permissions to be taken away.

Vulnerability Details

Background:

1. Anyone can call the initialize function, and an attacker can call the initialize function in advance through front-running transactions.

2. The initialize function will set the owner of the bridge.

3. The protocol has been deployed, so calling the initialize function is an upgrade.

4. The bridge contract is the owner of many ERC721Bridgeable contracts.

5. If any NFT is cross-chain, the NFT will be stuck due to insufficient handling fees and other reasons. The owner needs to call the startRequestCancellation function to request cancellation of cross-chain.

So:

1. Since the contract is being upgraded and there is already some status in the contract, redeploying the protocol will lose part of the ownership of the ERC721Bridgeable contract.

2. If some NFT fails during cross-chain, the owner needs to call the startRequestCancellation function to cancel the cross-chain. Because the upgrade was pre-empted and the owner became a malicious owner, these NFTs may be locked in the contract forever.

Since there was a direct loss of funds, I judge the severity to be high. The likelihood is medium, as front-running is not easy. So the risk level is H/M.

Impact

The protocol owner may have his authority taken away, causing the owner of ERC721 to be lost and the NFT may be locked.

Tools Used

manual

Recommendations

It is recommended that only the owner can call the initialize function.