NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Anyone can perform initialization, causing the owner's permissions to be taken away.

Summary

Anyone can perform initialization, causing the owner's permissions to be taken away.

Vulnerability Details

Background:

  1. Anyone can call the initialize function, and an attacker can call the initialize function in advance through front-running transactions.

  2. The initialize function will set the owner of the bridge.

  3. The protocol has been deployed, so calling the initialize function is an upgrade.

  4. The bridge contract is the owner of many ERC721Bridgeable contracts.

  5. If any NFT is cross-chain, the NFT will be stuck due to insufficient handling fees and other reasons. The owner needs to call the startRequestCancellation function to request cancellation of cross-chain.

So:

  1. Since the contract is being upgraded and there is already some status in the contract, redeploying the protocol will lose part of the ownership of the ERC721Bridgeable contract.

  2. If some NFT fails during cross-chain, the owner needs to call the startRequestCancellation function to cancel the cross-chain. Because the upgrade was pre-empted and the owner became a malicious owner, these NFTs may be locked in the contract forever.

Since there was a direct loss of funds, I judge the severity to be high. The likelihood is medium, as front-running is not easy. So the risk level is H/M.

Impact

The protocol owner may have his authority taken away, causing the owner of ERC721 to be lost and the NFT may be locked.

Tools Used

manual

Recommendations

It is recommended that only the owner can call the initialize function.

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

invalid-bridge-initialize-frontrun

If frontrun at the first deployment, the protocol will deploy again, no real impact: informational. Moreover, it is already deployed and initialized on mainnet. For the upgrades, `initialize` can/will change for the next update since the owner is already set. A lot of protocols make that change. That's why I consider it like a future feature, and it is out of scope.
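
Added example, not part of the submission, the judge's comment or the project's code: a hypothetical bridge initializer in its unguarded form beside one restricted to the implementation's deployer, as the Recommendations section asks, plus one way the upgrade-time change mentioned in the judging comment could look, gated by the already-set owner. All contract, function and error names are assumptions, and the guarded version assumes the same account deploys the implementation and sends `initialize` through the proxy.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contracts for illustration; not the audited bridge's code.

// Before: whoever sends the first initialize() transaction becomes owner.
contract BridgeUnguarded {
    address public owner;
    bool private initialized;

    function initialize(address owner_) external {
        require(!initialized, "already initialized");
        initialized = true;
        owner = owner_;
    }
}

// After: the implementation stores its deployer in bytecode (immutable),
// so the check also holds when the call arrives through a proxy's delegatecall.
contract BridgeGuarded {
    address private immutable DEPLOYER;
    address public owner;
    uint64 private version; // last initializer version that ran

    error NotDeployer();
    error AlreadyInitialized();
    error NotOwner();

    constructor() {
        DEPLOYER = msg.sender;
        version = type(uint64).max; // lock the implementation's own storage
    }

    // First-time setup: only the deployer, only while version is still 0.
    function initialize(address owner_) external {
        if (msg.sender != DEPLOYER) revert NotDeployer();
        if (version != 0) revert AlreadyInitialized();
        version = 1;
        owner = owner_;
    }

    // Upgrade-time setup: gated by the existing owner, runs once per version.
    function initializeV2() external {
        if (msg.sender != owner) revert NotOwner();
        if (version >= 2) revert AlreadyInitialized();
        version = 2;
        // state introduced by the upgraded implementation would be set here
    }
}
```

Passing the initializer calldata to the proxy's constructor, so deployment and initialization happen in one transaction, closes the same window without a caller check.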
