ArkProject: NFT Bridge

Summary

The _white_list_collection function in the provided smart contract code is designed to manage the inclusion or removal of collections in a linked list of whitelisted addresses. However, the function contains a critical logic flaw that can result in the corruption of the linked list structure, potentially leading to collections being incorrectly whitelisted or omitted from the list, and causing unexpected behavior during list traversal.

Vulnerability Details

The bug occurs in the logic for updating the prev and next pointers when adding or removing a collection from the whitelist. Specifically, the implementation has several flaws that can lead to incorrect list manipulation:

1. Adding to the List:

   When a collection is being whitelisted (enabled = true), the code attempts to set the white_listed_list to point to the new collection and traverses the list to find the last element (prev). However, the traversal logic may not correctly identify the last collection, leading to an incorrect insertion point.

2. Removing from the List:

3. • When a collection is being removed from the whitelist (enabled = false), the code attempts to find the collection in the list and update the prev collection's next pointer to skip over the removed collection. If the collection is in the middle of the list, the traversal logic might incorrectly update pointers, potentially breaking the list.

4. The issue is present in the following part of the _white_list_collection function

Incorrect prev and next Handling:

• The logic for updating prev and next pointers during list traversal and modification is flawed. The way prev is set and used to update the list can result in incorrect linkage, potentially leaving the list in an inconsistent state

Impact

The incorrect handling of prev and next pointers in the linked list can lead to severe issues:

• List Corruption: The list might become corrupted, leading to elements being incorrectly linked or even lost.

• Whitelist Issues: Collections might not be correctly whitelisted or removed, affecting the contract's functionality that relies on the whitelist.

• Traversal Errors: Functions that traverse the whitelist may encounter unexpected behavior, potentially leading to contract malfunctions or vulnerabilities.

Steps To Reproduce

1. Whitelist a Collection:

   • Add multiple collections to the whitelist.

   • Observe the state of the list and ensure the prev and next pointers are correctly updated.

2. Remove a Collection:

   • Remove a collection from the middle of the list.

   • Check if the prev and next pointers of surrounding collections are correctly adjusted

Tools Used

Manual Review

Recommendations

To resolve this issue, the _white_list_collection function should be revised as follows:

• Correct List Traversal:

  • Ensure that the traversal loop correctly identifies and handles the end of the list.

  • Properly update prev and next pointers when a collection is added or removed.

• Refactor the Function:

  • Simplify the pointer update logic, potentially by breaking it down into smaller functions.

  • Include comprehensive checks and validations to ensure the list remains consistent after modifications.