Anyone can perform initialization, causing the owner's permissions to be taken away.
Background:
Anyone can call the `initialize` function, and an attacker can call the `initialize` function in advance through front-running transactions.
The `initialize` function will set the owner of the bridge.
The protocol has been deployed, so calling the `initialize` function is an upgrade.
The bridge contract is the owner of many ERC721Bridgeable contracts.
If any NFT is cross-chain, the NFT will be stuck due to insufficient handling fees and other reasons. The owner needs to call the `startRequestCancellation` function to request cancellation of cross-chain.
So:
Since the contract is being upgraded and there is already some status in the contract, redeploying the protocol will lose part of the ownership of the `ERC721Bridgeable` contract.
If some NFT fails during cross-chain, the owner needs to call the `startRequestCancellation` function to cancel the cross-chain. Because the upgrade was pre-empted and the owner became a malicious owner, these NFTs may be locked in the contract forever.
Since there was a direct loss of funds, I judge the severity to be high. The likelihood is medium, as front-running is not easy. So the risk level is H/M.
The protocol owner may have his authority taken away, causing the owner of ERC721 to be lost and the NFT may be locked.
manual
It is recommended that only the owner can call the `initialize` function.
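
The recommendation above, sketched as an added example; it is not the project's code or the submitter's. The contracts are hypothetical, simplified stand-ins for the bridge, and the contract names, the `OwnerSet` event and the error names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical, simplified stand-ins for the bridge logic contract.
// All names here are assumptions made for illustration.

/// Pattern described in the finding: no caller check and no one-shot guard,
/// so whichever account calls initialize() last holds the owner role.
contract BridgeUnguarded {
    address public owner;

    function initialize(address newOwner) external {
        owner = newOwner;
    }
}

/// Hardened form of the same initializer.
contract BridgeGuarded {
    address public owner;

    event OwnerSet(address indexed caller, address indexed newOwner);

    error NotOwner();
    error ZeroOwner();

    function initialize(address newOwner) external {
        // Upgrade case: proxy storage already holds an owner, so only that
        // owner may run the initializer again.
        if (owner != address(0) && msg.sender != owner) revert NotOwner();
        // First-deployment case: owner is still unset, so this call has to be
        // sent in the same transaction that deploys the proxy; otherwise
        // there is a window in which any account can claim ownership.
        if (newOwner == address(0)) revert ZeroOwner();
        owner = newOwner;
        // Emitted so monitoring can alert on any unexpected ownership change.
        emit OwnerSet(msg.sender, newOwner);
    }
}
```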
If frontrun at the first deployment, the protocol will deploy again, no real impact: informational. Moreover, it is already deployed and initialized on mainnet. For the upgrades, `initialize` can/will change for the next update since the owner is already set. A lot of protocols make that change. That’s why I consider it like a future feature and it is out of scope.